Terra Blockchain Relaunched Following $5.2 Million Hack

On July 31, a hacker attacked the Terra (Phoenix-1) network, stealing digital assets totaling approximately $5.2 million.

?Attention Terra users: Please be advised that the chain will be halted shortly at block height 11430400 and transactions will not be processed during this time.

We will be working with the validators on Terra (phoenix-1) to apply an emergency patch thereafter to remediate a…

— Terra ? Powered by LUNA ? (@terra_money) July 31, 2024

According to the developers, the blockchain was halted at height #11,430,400 to implement fixes.

“We are working with Terra validators to apply an emergency patch to address the suspected vulnerability,” the publication stated.

Beosin Alert analysts reported that the hacker managed to extract 60 million ASTRO, 3.5 million USDC, 500,000 USDT, and 2.7 BTC.

Terra blockchain was exploited for ~60M $ASTRO, 3.5M $USDC, 500k $USDT, and 2.7 $BTC.

The attacker exploited a reentrancy vulnerability in the timeout callback of ibc-hooks. The vulnerability was disclosed in April this year:https://t.co/CY39X28KyE https://t.co/hY9xA40hbJ

— Beosin Alert (@BeosinAlert) July 31, 2024

The perpetrator exploited a reentrancy vulnerability related to a third-party IBC hooks module, which facilitates cross-chain contract calls and token transfers, researchers claim.

The company also clarified that this vulnerability was discovered back in April.

Three and a half hours after the shutdown, Terra resumed block production following an emergency update. At the time of the post, 67% of validators had updated their nodes to prevent a repeat attack.

The Terra chain has resumed block production at approximately 4:19 AM UTC today and the emergency chain upgrade is now complete.

Transactions are now being processed, and users may resume normal activities.

Validators holding over 67% of the voting power on Terra have upgraded…

— Terra ? Powered by LUNA ? (@terra_money) July 31, 2024

In a comment to The Block, Sommelier Protocol co-founder Zaki Manian explained that the exploit discovered months ago was almost immediately fixed in the Cosmos ecosystem. However, Terra’s updates did not include this patch.

“It seems that Terra’s June upgrade did not apply the fix. All USDC from the [multichain platform] Axelar connected to Terra was stolen using the IBC hooks vulnerability. A large amount of ASTRO was also stolen,” he clarified.

Following the attack, ASTRO prices plummeted by 54%—the coin fell from $0.45 to $0.2. Its market capitalization dropped below $10 million. Meanwhile, native assets of the Terra ecosystem remained largely unchanged in price.

Back in June, Terraform Labs CEO Chris Amani asked the community to take control of the blockchain as the organization would cease to exist.