The Terra blockchain has suffered a significant breach involving a complex exploit that resulted in the theft of approximately $5 million in assorted cryptocurrencies. The specific assets stolen included approximately 60 million ASTRO tokens, 3.5 million USDC, 500,000 USDT, and 2.7 BTC. The smart contract audit firm Beosin revealed the nature of the breach in a post on X, stating, “Terra blockchain was exploited for ~60M $ASTRO, 3.5M $USDC, 500k $USDT, and 2.7 $BTC.
Terra Blockchain Hack And Outage: What Happened?
Security researcher Rarma (@Rarma_) confirmed via X, “So yes, it appears this is the IBC hooks exploit from back in April.” By deploying and utilizing a malicious CosmWasm contract through IBC interactions, an attacker was able to repeatedly trigger the MsgTimeout within the IBC hook’s OnTimeout callback prior to the deletion of the packet commitment. On chains that use ibc-hooks to integrate ICS-20, this flaw could enable recursive execution of the OnTimeout callback’s logic within the transfer application. This can lead to scenarios where funds from the escrow account are lost or tokens are unexpectedly minted.
The vulnerability, identified but not patched since April, allowed the attacker to manipulate the IBC transfer process, minting tokens on Terra using the exploited mechanism, then transferring them off the platform. “Terra isn’t patched, which allowed the exploit to occur. The exploiter could mint tokens that had been IBC transferred onto Terra by utilizing a contract, IBC call (with IBC hooks), and a timeout. 3.5 Million axlUSDC, 500k USDT, 2.7BTC, 60m ASTRO tokens. Terra and Neutron IBC relayer need to stop,” Rarma added.
The researcher further clarified that “the IBC’d Assets were ‘re-minted’ with this exploit into the hacker’s wallet. They then IBC Transferred them OUT. The ‘minted’ tokens were ‘burnt’ on the way out. So, from a Chain, IBC and Relayer perspective, the exploited amounts of these tokens technically don’t exist on Terra anymore. The TVL for these tokens is completely fake.”
Notably, the hacker already exited his stolen assets, not via Cosmos, but by bridging them back to Ethereum and swapping them for Ether (ETH).
In response to the security breach, the development team acted quickly, halting the blockchain to prevent further exploitation. The halt was announced to the community with specific details: “Please be advised that the chain will be halted shortly at block height 11430400 and transactions will not be processed during this time. We will be working with the validators on Terra (phoenix-1) to apply an emergency patch thereafter to remediate a suspected exploit.”
Approximately four hours after the halt, the dev team deployed an emergency patch to rectify the exploited vulnerability and to reinforce the blockchain’s defenses. The update was crucial in resuming normal blockchain activities: “The Terra chain has resumed block production at approximately 4:19 AM UTC today, and the emergency chain upgrade is now complete. Transactions are now being processed, and users may resume normal activities. Validators holding over 67% of the voting power on Terra have upgraded their nodes to prevent the exploit from recurring. More validators are expected to upgrade soon.”
At press time, LUNC traded at $0.00008039, down -3.3% in the last 24 hours.