Terra Blockchain Suspends Operations after $5 Million Crypto Theft
The Terra blockchain suspended its operations on Wednesday following a reentrancy attack that exploited a vulnerability, resulting in the theft of approximately $5 million worth of various tokens. The exploit targeted a vulnerability that had been disclosed in April but resurfaced during an update in June.
Reentrancy is a common class of smart-contract bug that lets attackers deceive a contract by making repeated calls to a protocol in order to steal assets. One call permits the smart contract address to interact with a user’s wallet address.
Details of the Attack and Terra’s Response
Terra developers briefly paused network operations after the hack, which resulted in the loss of $5 million worth of various tokens. The blockchain was halted at block height 11430400 so that an emergency upgrade fixing the vulnerability could be applied.
The fix was shared in the morning. Validators, the entities that support the network, representing over 67% of the voting power on Terra updated their nodes to prevent the exploit from recurring and resumed block production.
Estimations and Consequences of the Terra Hack
The hacker took advantage of a reentrancy vulnerability in the callback timeout of ibc-hooks. This vulnerability was disclosed in April of this year.
Cyvers, a security company, estimated that $3.5 million in USDC stablecoin, $500,000 in USDT stablecoin, 2.7 BTC, and over 60 million ASTRO tokens from the Astroport platform were stolen in the attack.
The ASTRO token dropped by over 50% following the attack. Members of the Terra community are attempting to ‘doxx’ the hacker to locate and potentially recover the funds.