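The Terra blockchain suffered a major breach involving a complex exploit, resulting in the theft of approximately $5 million in various cryptocurrencies.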
The Terra blockchain was breached on Monday, with an attacker exploiting a vulnerability to pilfer a total of 60 million ASTRO tokens, 3.5 million USDC, 500,000 USDT, and 2.7 BTC. The specific exploit used in the attack was identified by security researcher Rarma (@Rarma_), who confirmed via X, “So yes, it appears this is the IBC hooks exploit from back in April.”
The vulnerability, which was discovered earlier this year but left unpatched, allowed the attacker to manipulate the IBC transfer process, minting tokens on Terra using the exploited mechanism and then transferring them off the platform.
“Terra isn’t patched, which allowed the exploit to occur. The exploiter could mint tokens that had been IBC transferred onto Terra by utilizing a contract, IBC call (with IBC hooks), and a timeout. 3.5 Million axlUSDC, 500k USDT, 2.7BTC, 60m ASTRO tokens. Terra and Neutron IBC relayer need to stop,” Rarma added.
The researcher further clarified that “the IBC’d Assets were ‘re-minted’ with this exploit into the hacker’s wallet. They then IBC Transferred them OUT. The ‘minted’ tokens were ‘burnt’ on the way out. So, from a Chain, IBC and Relayer perspective, the exploited amounts of these tokens technically don’t exist on Terra anymore. The TVL for these tokens is completely fake.”
The hacker has already moved the stolen assets out, not via Cosmos, but by bridging them back to Ethereum and swapping them for Ether (ETH).
In response to the security breach, the development team acted quickly, halting the blockchain to prevent further exploitation. The halt was announced to the community with specific details: “Please be advised that the chain will be halted shortly at block height 11430400 and transactions will not be processed during this time. We will be working with the validators on Terra (phoenix-1) to apply an emergency patch thereafter to remediate a suspected exploit.”
Approximately four hours after the halt, the dev team deployed an emergency patch to rectify the exploited vulnerability and to reinforce the blockchain’s defenses. The update was crucial in resuming normal blockchain activities: “The Terra chain has resumed block production at approximately 4:19 AM UTC today, and the emergency chain upgrade is now complete. Transactions are now being processed, and users may resume normal activities. Validators holding over 67% of the voting power on Terra have upgraded their nodes to prevent the exploit from recurring. More validators are expected to upgrade soon.”