Cosmos patches ‘critical’ IBC protocol bug saving $126M
Cosmos developers have fixed a “critical” security bug in the Inter-Blockchain Communication (IBC) protocol that put at least $126 million at risk, says a blockchain security firm that privately notified Cosmos of the issue.
“We privately disclosed the vulnerability through the Cosmos HackerOne Bug Bounty program and the issue is now patched,” Asymmetric Research said on April 23.
“No malicious exploitation took place and no funds were lost,” it added.
The bug could have enabled a reentrancy attack, letting a hacker mint infinite tokens on IBC-connected chains like Osmosis and other decentralized finance ecosystems on Cosmos.
“We believe at least 126M+ in assets could have been stolen on Osmosis. However, rate limiting on Osmosis slows down the damage that could be caused.”
Rate limits serve to prevent or at least mitigate attacks that attempt to overwhelm a system by controlling the rate at which requests are made.
Asymmetric noted the bug has existed in ibc-go — a high-level programming language implementation of IBC — since it launched in 2021.
The bug only recently became exploitable, however, after Cosmos devs launched a new third-party application called IBC middleware — which allows ICS20 (interchain token standard) tokens to cross chains.
“This issue demonstrates how easy it is to break trust assumptions and introduce new vulnerabilities by adding new features and functionality. It is also another example of the importance of defense-in-depth,” Asymmetric emphasized.
“This vulnerability highlights the critical need for more research into cross-chain security risks to protect the multichain ecosystem better.”
The bug was patched up by Cosmos dev Carlos Rodriguez about three weeks ago, a GitHub commit shows.
Another “critical” security vulnerability was identified in the IBC protocol in October 2022, which impacted all IBC-connected chains but was patched before any potential exploit.