The Terra blockchain has resumed normal operations after the network implemented a temporary halt to stop a recent exploit.
Earlier today, Terra reported a security breach that led to the theft of various assets, including USDC and Astroport tokens.
The attack
The exploit targeted a vulnerability in IBC-hooks, a third-party add-on for Inter-Blockchain Communication (IBC) that supports cross-chain contract interactions and token transfers. Although Terra patched the issue in April, the fix was unintentionally reversed in a June update.
Cyvers Alert, a Web3 security firm, explained that the attacker exploited a reentrancy vulnerability in the timeout callback of IBC hooks.
The firm revealed that the attacker used this vulnerability to steal assets worth approximately $5 million. This includes 60 million ASTRO valued at around $1 million, 3.5 million USDC, 500,000 USDT, and 2.7 BTC, roughly $178,000 at current rates.
In response, the network paused block production at block height 11,430,400 to implement an emergency patch.
The vulnerability has been fixed as of press time, and the network Validators are updating their nodes to prevent similar exploits. Terra added:
“Validators holding over 67% of the voting power on Terra have upgraded their nodes to prevent the exploit from recurring. More validators are expected to upgrade soon.”
Astroport token declines
Despite Terra’s recovery efforts, Astroport’s ASTRO token has plunged by 62% in the past 24 hours, trading at $0.01775, according to CryptoSlate’s data.
The Cosmos-based liquidity protocol explained that the IBC vulnerability allowed the attacker to mint several tokens on the Terra chain, negatively impacting the asset’s price. It stated:
“The Astroport contributors are working with the other chains and Cosmos builders to determine what measures can be taken. We will keep you updated as we learn more.”
Meanwhile, security experts have also emphasized that Astroport wasn’t exploited, and its token “became collateral damage because it’s the only Terra token that has meaningful liquidity for stealing.”