Critical Security Vulnerability in Cosmos IBC Protocol Patched, Protecting $126 Million

2024/04/24 09:53

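A critical security vulnerability in the Cosmos Inter-Blockchain Communication (IBC) protocol has been patched, potentially protecting more than $126 million. The vulnerability, discovered and privately reported by Asymmetric Research, could have enabled a reentrancy attack allowing hackers to mint unlimited tokens on IBC-connected chains. Rate limiting mechanisms can prevent malicious exploitation. The vulnerability had existed since 2021 and became exploitable after IBC middleware was introduced. Cosmos developers fixed it three weeks ago, underscoring the need for ongoing cross-chain security research to protect the multichain ecosystem.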

A blockchain security firm, Asymmetric Research, has disclosed a "critical" vulnerability in the Inter-Blockchain Communication (IBC) protocol of the Cosmos network, which placed at least $126 million in crypto assets at risk. The vulnerability, privately reported to Cosmos via its HackerOne Bug Bounty program, has been resolved through a patch.

"No malicious exploitation took place and no funds were lost," Asymmetric Research stated on April 23rd.

The bug, present in ibc-go since its launch in 2021, could have been exploited to execute a reentrancy attack, enabling hackers to mint an infinite number of tokens on IBC-connected chains such as Osmosis and other decentralized finance ecosystems within the Cosmos network.

"We believe at least 126M+ in assets could have been stolen on Osmosis," Asymmetric Research stated. "However, rate limiting on Osmosis slows down the damage that could be caused."

Rate limiting mechanisms control the rate of request submissions in order to prevent or mitigate attacks designed to overwhelm systems.

The exploit became possible only after Cosmos developers introduced IBC middleware, a third-party application that allows ICS20 tokens (interchain token standard) to be transferred across chains.

Asymmetric Research emphasized that the vulnerability highlights the risks of introducing new features and functionality, as well as the importance of defense-in-depth strategies for protecting blockchain ecosystems.

"This vulnerability highlights the critical need for more research into cross-chain security risks to protect the multichain ecosystem better," the firm stated.

The Cosmos development team, led by Carlos Rodriguez, patched the vulnerability approximately three weeks ago, as evidenced by a GitHub commit.

In October 2022, another "critical" security vulnerability was identified in the IBC protocol, affecting all IBC-connected chains. However, a patch was released before the flaw could be exploited.

The Cosmos network, known for its interoperable blockchain architecture, has experienced several security incidents in the past. In February 2023, a vulnerability in the Gravity Bridge, a cross-chain bridge connecting Cosmos to the Ethereum network, resulted in the theft of approximately $190 million in crypto assets.

The recent IBC protocol vulnerability underscores the ongoing need for vigilance and continuous efforts to enhance the security of cross-chain communication protocols that facilitate the interoperability of different blockchain networks.
