On July 31, 2024, the Terra blockchain faced a serious security breach that resulted in the theft of over $4 million in various tokens. The exploit targeted a known vulnerability in the blockchain’s inter-blockchain communication (IBC) protocol, which allowed malicious actors to drain around 60 million ASTRO tokens, 2.7 BTC, and substantial amounts of USDC and USDT stablecoins.
- Exploit and Immediate Impact: The attack exploited a reentrancy vulnerability in the CosmWasm contract, which is part of Terra’s IBC protocol used for cross-chain transactions. This exploit led to the abrupt halt of the Terra blockchain at block height 11430400 to apply an emergency fix. The network resumed operations shortly after, with validators holding over 67% of voting power having patched their nodes against the exploit.
- Market Reactions: The price of ASTRO, the token associated with Astroport, plummeted to an all-time low of $0.01314, reflecting a massive 53% drop in just one day. Terra’s LUNA token also suffered, dropping to $0.385 before stabilizing around $0.3944, marking a 2.7% decline on the day.
- Security Vulnerability: Beosin, a blockchain security firm, reported that the exploit involved a malicious CosmWasm contract, revealing a known vulnerability within the timeout callback of the ibc-hooks. This issue had been flagged previously but was not adequately addressed until after the attack.
- Historical Context: This incident comes in the wake of Terra’s previous collapse in 2022 due to the failure of its algorithmic stablecoin, UST. The collapse had led to widespread contagion in the crypto market, and the current exploit underscores ongoing vulnerabilities in the revamped Terra 2.0 blockchain.
