The Terra blockchain reported a security breach that led to the theft of tokens worth approximately $3 million.
Hacker Exploits IBC Hooks Vulnerability to Steal Tokens on Terra Blockchain
The attack targeted a known vulnerability in the IBC hooks module, a third-party component used for cross-chain contract calls and token movements.
The anonymous hacker exploited this vulnerability to extract value from bridged assets, including the USDC stablecoin and Astroport tokens.
The incident prompted Terra to take immediate action, including taking immediate action to prevent further token theft. The blockchain platform coordinated with its validators to deploy an emergency patch addressing the vulnerability.
“We will work with validators at Terra to apply an emergency patch to address a suspected vulnerability,” Terra said.
The vulnerability was first discovered and patched across the Cosmos ecosystem in April.
However, a subsequent upgrade to the Terra network in June did not include this patch, causing it to be exposed again.
Zaki Manian, co-founder of Sommelier Finance, elaborated: “There was a vulnerability in IBC hooks discovered by Composable Finance in April. It was patched across Cosmos. Terra was also patched at that time.”
Apparently Terra's June upgrade did not include the patch. All Axelar USDC bridged to Terra were stolen using the IBC hooks exploit. A large amount of ASTRO was also stolen.”
This incident marks another significant challenge for Terra, which is hard forking from the Terra Classic network following the massive financial crash in 2022.
The previous crisis was triggered by the algorithmic stablecoin UST losing its peg to the US dollar, causing widespread financial turmoil.
*This is not investment advice.