Terra Blockchain was hit by a $5 million hack during the critical phase of Terraform Labs’ bankruptcy.
Terra Blockchain Compromised by Major Hack
Terra blockchain was halted on July 31 due to a suspected exploit that resulted in the theft of approximately $5 million in assets. The hack was first announced on Terra’s official social media accounts, alerting users to the halt at block height 11430400. The network’s transactions were suspended as developers and validators scrambled to address the security issue.
Uncovering the Terra Hack
The Terra team issued a stark warning: “Attention Terra users: Please be advised that the chain will be halted shortly at block height 11430400, and transactions will not be processed during this time.” The team highlighted a potential exploit and assured users that they were working with validators to apply an emergency patch to resolve the issue. The vulnerability was found in a third-party module known as IBC hooks, which is used for cross-chain contract interactions and token transfers.
The Mechanics of the Exploit
An anonymous attacker exploited a flaw in the IBC hooks module, allowing them to siphon value from bridged assets such as USD Coin (USDC) and Astroport tokens. Preliminary reports indicate that around $5 million in tokens were compromised. This breach caused a notable drop in the price of Terra Luna Classic (LUNC), which fell over 4% before partially recovering.
The attacker used a smart contract, an IBC call with hooks, and a timeout mechanism to gain unauthorized access to the tokens. The specific sequence involved initiating a smart contract on the Terra blockchain, which was then called using an IBC transfer that timed out, allowing the tokens to arrive in the exploiter’s account. Despite their wallet never holding more than 56 LUNA and 7,800 USDC at a time, the attacker managed to steal millions in assets.
Investigating the Impact
As the Terra team works to investigate the breach, they have resumed block production and implemented an emergency upgrade to prevent further exploits. In a post on social media, they announced, “The Terra chain has resumed block production at approximately 4:19 AM UTC today, and the emergency chain upgrade is now complete. Transactions are now being processed, and users may resume normal activities.”
Efforts for Recovery and Support
Despite the quick response, details about the recovery of stolen funds remain unclear. Validators holding over 67% of the voting power have upgraded their nodes to prevent similar incidents. More validators are expected to follow suit. The team has not yet provided a concrete plan for recovering the stolen assets.
In addition, Astroport has stepped in to support the recovery efforts. They stated, “The Astroport contributors are working with the other chains and Cosmos builders to determine what measures can be taken. We will keep you updated as we learn more.”
Also Read: Crypto Influencer Exposes Do Kwon’s Alleged Fraud at Terraform Labs
Discussion about this post