Terra Blockchain Exploited for $4 Million in ASTRO, USDC, USDT, and BTC

On Wednesday, Terra developers temporarily halted network operations due to a reentrancy attack, resulting in the theft of over $4 million in various tokens

Terra blockchain was exploited for around $60 million in various tokens, including ASTRO, USDC, USDT, and BTC, on July 31.

According to blockchain security firm Beosin, the attacker exploited a reentrancy vulnerability in the timeout callback of ibc-hooks, a vulnerability that had been disclosed in April. This type of bug allows exploiters to trick a smart contract by making repeated calls to a protocol to steal assets, tricking the smart contract into authorizing the smart contract address to interact with a user’s wallet address.

Beosin reported that the Terra exploit led to the theft of $3.5 million in USDC stablecoin, $500,000 in USDT stablecoin, 2.7 bitcoins (BTC), and more than 60 million of Astroport’s ASTRO tokens.

Security firm Cyvers also reported on the incident, stating that 60 million ASTRO tokens were stolen in the exploit, which also affected other tokens, including 3.5 million USDC, 2.7 BTC, and 500,000 USDT.

The Astroport team confirmed the incident, attributing it to an IBC vulnerability and adding that the exploit appeared to have been used to mint several tokens on the Terra chain, including ASTRO.

With the blockchain halted, no further tokens could be minted, limiting the extent of the damage.

Terra blockchain announced the temporary halt of operations at block height 11430400 and informed users of the downtime via a post on X.

The network was paused to allow validators to upgrade their nodes and apply an emergency patch that fixed the vulnerability. The fix was completed by 04:19 UTC.

Over 67% of the voting power on Terra supported this upgrade, ensuring the network’s stability and security.

The network was set to resume operations at block height 114304050, with validators expected to quickly achieve the necessary quorum for the chain to restart.

Once operational, the network was expected to quickly process any pending transactions and return to normal functioning.

In the aftermath of the Terra exploit, ASTRO, the native token of the Cosmos liquidity protocol Astroport, experienced a significant decline.

CoinGecko data indicated that ASTRO fell by 56%. Meanwhile, Terra’s luna classic (LUNC) tokens saw a 3.4% decrease in the past 24 hours.

The exploit caused ASTRO’s price to drop sharply from $0.046 to a low of $0.013, although it later recovered to above $0.02 as efforts to address the vulnerability continued.