The breach targeted a vulnerability within a third-party module known as IBC hooks, a critical component that facilitates cross-chain contract calls and token movements. This exploit allowed hackers to transfer assets, including USDC stablecoin and Astroport tokens, without authorization.
Initial Estimates of Impact
According to Cyvers Alerts, hackers have stolen 60 million ASTRO, 3.5 million USDC, 500,000 USDT, and 2.7 Bitcoin from the Terra blockchain. The total amount of reported losses has reached roughly $6.8 million.
🚨ALERT🚨@terra_money was exploited, resulting in the theft of approximately 60M $ASTRO, 3.5M $USDC, 500K $USDT, and 2.7 $BTC.
The attacker took advantage of a reentrancy vulnerability in the timeout callback of ibc-hooks.
This vulnerability was revealed in April of this year.… https://t.co/56oTpg78Cv
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) July 31, 2024
The vulnerability in the timeout callback of IBC hooks allowed attackers to execute transactions repeatedly, resulting in significant losses and potentially minting extra tokens.
Cyvers Alerts noted that this vulnerability was revealed in April of this year. However, Terra's recent upgrade in June failed to include the critical patch that had been implemented across the broader Cosmos ecosystem. This oversight left the platform exposed and paved the way for the exploit.
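To make the bug class concrete, the following Go model is an added example, not code from ibc-hooks, ibc-go or Terra. It shows why a timeout handler that runs a callback before clearing the pending packet can refund the same packet more than once, and how clearing the state first prevents it. All names (Chain, Hook, Timeout, RefundUnderReentry) and all amounts are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// Chain is a constructed, simplified model of escrowed cross-chain transfers.
// It is not the ibc-hooks or ibc-go code.
type Chain struct {
	pending map[uint64]bool   // packets still awaiting ack or timeout
	escrow  uint64            // pooled funds locked for all in-flight packets
	balance map[string]uint64 // user balances
}

// Hook stands in for a contract callback invoked on timeout (hypothetical type).
type Hook func(c *Chain)

// Timeout refunds a timed-out packet. With commitFirst=false the callback runs
// while the packet is still pending, so a nested timeout passes the check again.
// With commitFirst=true the packet is cleared before any external code runs.
func (c *Chain) Timeout(seq uint64, sender string, amt uint64, commitFirst bool, hook Hook) bool {
	if !c.pending[seq] {
		return false // already handled: nothing to refund
	}
	if commitFirst {
		delete(c.pending, seq)
	}
	c.escrow -= amt
	c.balance[sender] += amt
	if hook != nil {
		hook(c)
	}
	delete(c.pending, seq)
	return true
}

// RefundUnderReentry times out one 100-unit packet whose callback re-submits
// the same timeout once, and reports the sender's refund and remaining escrow.
func RefundUnderReentry(commitFirst bool) (refund, escrow uint64) {
	c := &Chain{pending: map[uint64]bool{7: true}, escrow: 300, balance: map[string]uint64{}}
	reenter := func(c *Chain) { c.Timeout(7, "sender", 100, commitFirst, nil) }
	c.Timeout(7, "sender", 100, commitFirst, reenter)
	return c.balance["sender"], c.escrow
}

func main() {
	for _, safe := range []bool{false, true} {
		r, e := RefundUnderReentry(safe)
		fmt.Printf("commitFirst=%v refund=%d escrow=%d\n", safe, r, e)
	}
}
```

In the unsafe ordering the extra refund is paid out of the pooled escrow, which in this model also backs other users' in-flight transfers.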
“We will be working with the validators on Terra to apply an emergency patch thereafter to remediate a suspected exploit,” Terra stated in their official announcement.