Terra Blockchain Suffers Security Breach, With $5.28M in Estimated Losses
The Terra blockchain suffered a security breach that resulted in the unauthorized access and theft of millions of tokens.
The exploit targeted a vulnerability within a third-party module known as IBC hooks, a crucial component facilitating cross-chain contract calls and token movements within the network, crypto researcher Rarma said in a recent post on X .
The breach led to the illicit transfer of assets, including USDC stablecoin and Astroport tokens.
Initial assessments suggest that approximately $5.28 million worth of tokens may have been compromised.
Terra Enacts Emergency Measures in Response to the Breach
In response to the breach, Terra deployed an emergency patch to address the suspected exploit and fortify its defenses against future attacks.
“We will be working with the validators on Terra to apply an emergency patch thereafter to remediate a suspected exploit,” affirmed Terra in a statement addressing the incident.
The vulnerability that was exploited had been identified several months prior and subsequently patched across the broader Cosmos ecosystem in April.
However, a subsequent upgrade on Terra in June inadvertently omitted this critical patch, leaving the platform vulnerable once more and paving the way for the nefarious activities that followed.
“Terra blockchain was exploited for ~60M $ASTRO, 3.5M $USDC, 500k $USDT, and 2.7 $BTC,” smart contract audit firm Beosin said in a post on X.
“There was a vulnerability in IBC hooks discovered by Composable Finance in April,” Zaki Manian, co-founder of Sommelier Finance, said.
He added that it was patched across Cosmos. Terra was patched then.
“It appears that Terra’s June upgrade did not include the patch. All the Axelar USDC bridged to Terra was stolen using the IBC hooks exploit. A large amount of ASTRO was also stolen.”
Terra was hard forked from the Terra Classic network following a major financial collapse in 2022, which was triggered by its algorithmic stablecoin, UST, losing its supposed peg to the US dollar.
At the time of writing, Terra has resumed block production.
Crypto Market Recovers Over Half of Stolen Funds in Q2
The cryptocurrency market has shown great resilience in the face of adversity, achieving a record recovery rate of 77% for stolen funds in the second quarter of 2024.
In Q2 2024, $347.4 million of the stolen crypto funds were successfully recovered or frozen out of the total $512.9 million lost, according to Hacken’s Web3 Security Report Q2 2024.
“For the second consecutive quarter, the silver lining amid the alarming rate of theft in crypto is the amount of funds recovered,” the report wrote.
It is worth noting that cryptocurrency scams have thrived on X, with analysts attributing a significant portion of all crypto scams to scammers on the platform.
Scam Sniffer, a web3 anti-scam company present on X, conducted an analysis revealing that nearly $50 million is lost each month due to account impersonation on X.com.
Earlier, Binance co-founder Yi He raised concerns about the proliferation of cryptocurrency scams on X, questioning whether Musk would take action to tackle the issue.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Glory days: Why we can’t forget Lightning Network
Bitcoin may be more serious now, but we can’t forget about the Lightning Network
Montenegro court rejects Do Kwon’s extradition appeal
The court rejected claims of legal issues, with the US emerging as a likely choice for extradition.
BlackRock doubles down on IBIT exposure through its Global Allocation Fund
The fund now holds over $17 million worth of shares from the spot Bitcoin ETF, which is among the 35 largest funds to ever launch.
Rising crypto scams in France trigger crackdown by authorities
Franch authorities are intensifying efforts to curb burgeoning crypto scams and fraudulent schemes exploiting consumer trust.