Terra exploited for $6.8m due to reentrancy vulnerability: report

The famous blockchain protocol Terra was allegedly exploited due to a security vulnerability that emerged months ago.

According to Cyvers Warnings post Today on X, July 31, hackers stole 60 million ASTRO, 3.5 million USDC, 500,000 USDT, and 2.7 Bitcoin (BTC) from the Terra blockchain. The total amount of reported losses reached approximately $6.8 million.

🚨WARNING🚨@terra_para was exploited and resulted in the theft of approximately $60 million $ASTRO3.5 million $USDC500 thousand $USDTand 2.7 $BTC.

The attacker exploited a re-entry vulnerability in the ibc hooks timeout callback.
This vulnerability was discovered in April of this year.… https://t.co/56oTpg78Cv

— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 31, 2024

According to the blockchain security firm, hackers have found a vulnerability in the network timeout callback of IBC hooks, which allows attackers to repeatedly execute a transaction that could potentially lead to the loss of funds or the minting of extra tokens.

Cyvers Alerts claims that this vulnerability was “disclosed in April of this year.”

Just a few hours before Cyvers Alerts’ X post, Terra’s official X page announced that the network had been brought down for “urgent patching” due to an alleged exploit.

The Terra chain resumed block production today at approximately 4:19 AM UTC, and the emergency chain upgrade is now complete.

Transactions are currently being processed and users can continue their normal activities.

Validators, who hold over 67% of the voting power on Terra, have been upgraded…

— Powered by Terra 🌍 LUNA 🌕 (@terra_money) July 31, 2024

At 07:40 UTC, Terra announced that the blockchain was resuming operations and the emergency upgrade was complete. The X post added:

“Transactions are currently being processed and users can continue their normal activities.”

However, Terra has not yet shared the details and amount of assets lost.

ASTRO saw a sudden 60% drop in price after Terra ceased network operations.