- Hacker exploits Terraโs outdated security patch to mint tokens out of thin air.
- This comes just a week after TerraForm Labs announced a repayment plan.
- Terraโs community identifies the culprit, but the drained funds are long gone.
Trouble keeps finding Terra Luna’s blockchain, as the TerraForm Labsโ native chain was temporarily halted at block 11430400 on July 31, 2024. This action was taken after multiple blockchain intelligence platforms sounded the alarm about the drainage of over $6M in digital assets, including 60M of ASTRO tokens, native to Astroport’s liquidity protocol on Terra Lunaโs chain.
Besides Astroportโs own token, an eye-watering 3.5M Circle USD (USDC), 500,000 Tether USD (USDT), and 2.7 Bitcoin (BTC) were drained during the incident. The hacking incident, which caused damage of $6.8 million, comes just a week after TerraForm Labs issued a crypto loss claim timeline for the downtrodden investors of the 2022 Terra Luna fiasco.
How Terraโs Hacker Exploited the Outdated System
According to Astroport, the network’s Inter-Blockchain Communication (IBC) vulnerability was recognized in April 2024. As Terraโs new chain is not patched, the exploiter managed to mint new tokens onto Terra by utilizing an IBC call contract with IBC hooks and a timeout.
Sponsored
The security breach breakdown by blockchain security audit company Cyvers highlighted that despite the issue being known to the public since April, the upgrade package installed in June 2024 on Terra 2.0 overlooked this, thus paving the way for a security breach.
The hackers used small-scale transfers that have never exceeded 56 LUNA or 7,800 USDC per transaction but still managed to leave with a haul of $6.8 million. Soon after, the fraudster used a cross-chain bridge to allocate the stolen funds to Ethereum and swapped the $6.8M loot for Ether (ETH).
While Terra chainโs community confirmed to have identified the culpritโs crypto address, retrieving these digital funds might be impossible. The hacker used a third-party module for cross-chain contracts and token transfers between blockchains.
Community Full of Regret: Could This Have Be Prevented?
Terra Luna’s holder community has been vocal about the recent setback, as many crypto enthusiasts expressed their regret about the IBC-related upgrade being reversed in Juneโs chain upgrade. If that wasnโt the cause, the hacking incident could have been prevented, argues Ethan Buchman, the co-founder of Cosmos Chains. โUnfortunately, they’re using a fork of IBC, which makes it harder to stay up to date and apply security patches,” says Buchman.
Cosmos Chains co-founder refers to the outdated fork of IBC-go 7.3.x, last updated in September 2023. Because of this, Terra 2.0 missed out on the critical patch that would have prevented the hacker from minting tokens on Terra Lunaโs blockchain out of thin air.
โNeed an ecosystem wide effort to un-fork as many projects as possibleโ, – Ethan Buchman contemplates. The accident tremendously affected the chainโs native cryptocurrency, as LUNA fell to $0.369 on August 1, 2024.
On the Flipside
- The Inter-Blockchain Communication (IBC)- linked exploit affected Terra 2.0 but missed the original Terra Luna Classic (LUNC) chain.
- Genuine Labs, which manages Terra Luna Classicโs (LUNC) security status, implemented the relevant patch in May 2024.
Why This Matters
Working out the stumbling blocks and applying timely chain upgrades could prevent security breaches due to vulnerable code.
Discover DailyCoinโs trending crypto news:
Trump Picks Up New Side Hustle in โBitcoin Presidentโ Brand
Ripple Rumors Dismissed as SEC Meeting Cancelled Yet Again