Infamous blockchain protocol Terra has recently been allegedly exploited due to a vulnerability that was revealed months ago.
According to a Cyvers Alerts post on X today, July 31, hackers have stolen 60 million ASTRO, 3.5 million USDC, 500,000 USDT and 2.7 Bitcoin (BTC) from the Terra blockchain. The total amount of reported losses has reached roughly $6.8 million.
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 31, 2024🚨ALERT🚨@terra_money was exploited, resulting in the theft of approximately 60M $ASTRO, 3.5M $USDC, 500K $USDT, and 2.7 $BTC.
The attacker took advantage of a reentrancy vulnerability in the timeout callback of ibc-hooks.
This vulnerability was revealed in April of this year.… https://t.co/56oTpg78Cv
Per the blockchain security company, hackers found a vulnerability in the network’s timeout callback of IBC hooks. This allows the attackers to execute a transaction repetitively that might potentially result in the loss of funds or minting extra tokens.
Cyvers Alerts claims that this vulnerability was “revealed in April of this year.”
Just hours before Cyvers Alerts’ X post, Terra’s official X page posted that the network was halted to “apply an emergency patch” due to an alleged exploit.
— Terra 🌍 Powered by LUNA 🌕 (@terra_money) July 31, 2024The Terra chain has resumed block production at approximately 4:19 AM UTC today and the emergency chain upgrade is now complete.
Transactions are now being processed, and users may resume normal activities.
Validators holding over 67% of the voting power on Terra have upgraded…
At 07:40 UTC, Terra announced that the blockchain had resumed its operations and the emergency upgrade had been completed. The X post added:
“Transactions are now being processed, and users may resume normal activities.”
However, Terra did not share the details and the amount of assets lost yet.
Notably, the ASTRO price suddenly plunged by 60% after Terra halted the network operations.