In a dramatic turn of events, the Terra blockchain halted operations on Wednesday following a reentrancy attack that exploited a previously disclosed vulnerability, resulting in the theft of over $4 million in various tokens. The network was restarted after an emergency chain upgrade was implemented to address the issue.
The exploit specifically targeted a reentrancy vulnerability in the timeout callback of ibc-hooks, a flaw that had been identified and disclosed back in April. However, the vulnerability resurfaced after a June upgrade, leading to the recent attack.
The blockchain was paused at block height 11,430,400, allowing developers to apply an emergency patch to fix the vulnerability. This critical fix was completed at 04:19 UTC. Validators, who are crucial entities supporting the network, played a significant role in the recovery. Over 67% of the validators on Terra upgraded their nodes, ensuring that the exploit could not be repeated.
The attack led to the loss of approximately $3.5 million in the USDC stablecoin, $500,000 in the USDT stablecoin, 2.7 bitcoin (BTC), and over 60 million of Astroport’s ASTRO tokens.
This incident underscores the ongoing challenges and risks associated with blockchain technology, particularly in maintaining security and safeguarding digital assets. Terra’s swift response and the collaboration of validators in upgrading the nodes were crucial in mitigating the impact of the exploit and resuming normal operations.
As the blockchain industry continues to evolve, incidents like this highlight the need for continuous vigilance and robust security measures to protect against increasingly sophisticated attacks.