Terra Blockchain Restarts After $4M Exploit
A reentrancy attack briefly halted the network. It restarted after an “emergency” chain upgrade.
Jul 31, 2024 at 11:11 a.m. UTC:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/EQIWBBPUXVFFLIN4TV4NPCO3UM.jpg)
- Terra blockchain halted operations on Wednesday after a reentrancy attack exploited a vulnerability, with over $4 million in various tokens stolen.
- The exploit targeted a vulnerability that had been disclosed in April, but reappeared in a June upgrade.
Terra developers briefly paused network operations on Wednesday after an apparent reentrancy attack led to over $4 million of various tokens being taken from the blockchain.
The blockchain halted at block height 11430400 for an emergency patch to fix the vulnerability. The fix was completed at 04:19 UTC. Validators, the entities that support the network, with over 67% of the voting power on Terra upgraded their nodes to prevent the exploit from recurring, according to a post on the X.
Security firm Beosin estimated $3.5 million of the USDC stablecoin, $500,000 in the USDT stablecoin, 2.7 bitcoin (BTC) and more than 60 million of Astroport’s ASTRO were stolen in the attack.
“The attacker exploited a reentrancy vulnerability in the timeout callback of ibc-hooks,” Beosin said. “The vulnerability was disclosed in April this year.”
ASTRO fell 56% in the aftermath of the attack, CoinGecko data shows. Meanwhile, Terra's luna classic (LUNC) tokens are down 3.4% in the past 24 hours.
Reentrancy is a common bug that allows exploiters to trick a smart contract by making repeated calls to a protocol to steal assets. A call authorizes the smart contract address to interact with a user’s wallet address.
:format(webp)/s3.amazonaws.com/arc-authors/coindesk/6c6bb5af-692c-4fcf-9f8b-a75d0549effd.png)
Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.