![]() |
|
![]() |
|
![]() |
|
![]() |
|
![]() |
|
![]() |
|
![]() |
|
![]() |
|
![]() |
|
![]() |
|
![]() |
|
![]() |
|
![]() |
|
![]() |
|
![]() |
|
Terra 区块链遭遇重大漏洞,涉及复杂的漏洞利用,导致约 500 万美元的各种加密货币被盗。
The Terra blockchain was breached on Monday, with an attacker exploiting a vulnerability to pilfer a total of 60 million ASTRO tokens, 3.5 million USDC, 500,000 USDT, and 2.7 BTC. The specific exploit used in the attack was identified by security researcher Rarma (@Rarma_), who confirmed via X, “So yes, it appears this is the IBC hooks exploit from back in April.”
Terra 区块链周一遭到破坏,攻击者利用漏洞窃取了总计 6000 万个 ASTRO 代币、350 万个 USDC、50 万个 USDT 和 2.7 个 BTC。攻击中使用的具体漏洞由安全研究人员 Rarma (@Rarma_) 识别,他通过 X 确认,“所以,是的,这似乎是 4 月份的 IBC hooks 漏洞。”
The vulnerability, which was discovered but not patched earlier this year, allowed the attacker to manipulate the IBC transfer process, minting tokens on Terra using the exploited mechanism, and then transferring them off the platform.
该漏洞于今年早些时候被发现但尚未修补,它允许攻击者操纵 IBC 传输过程,使用所利用的机制在 Terra 上铸造代币,然后将其从平台上转移。
“Terra isn’t patched, which allowed the exploit to occur. The exploiter could mint tokens that had been IBC transferred onto Terra by utilizing a contract, IBC call (with IBC hooks), and a timeout. 3.5 Million axlUSDC, 500k USDT, 2.7BTC, 60m ASTRO tokens. Terra and Neutron IBC relayer need to stop,” Rarma added.
“Terra 没有打补丁,这导致了漏洞的发生。攻击者可以利用合约、IBC 调用(带有 IBC 挂钩)和超时来铸造已通过 IBC 传输到 Terra 的代币。 350 万个 axlUSDC、50 万个 USDT、2.7BTC、6000 万个 ASTRO 代币。 Terra 和 Neutron IBC 中继器需要停止,”Rarma 补充道。
The researcher further clarified that “the IBC’d Assets were ‘re-minted’ with this exploit into the hacker’s wallet. They then IBC Transferred them OUT. The ‘minted’ tokens were ‘burnt’ on the way out. So, from a Chain, IBC and Relayer perspective, the exploited amounts of these tokens technically don’t exist on Terra anymore. The TVL for these tokens is completely fake.”
研究人员进一步澄清说,“IBC 的资产通过此漏洞‘重新铸造’到了黑客的钱包中。然后他们将 IBC 转出。 “铸造”的代币在退出时被“烧毁”。因此,从 Chain、IBC 和 Relayer 的角度来看,这些代币的开发量从技术上讲已经不存在于 Terra 上。这些代币的 TVL 完全是假的。”
The hacker already exited his stolen assets, not via Cosmos, but by bridging them back to Ethereum and swapping them for Ether (ETH).
黑客已经退出了他被盗的资产,不是通过 Cosmos,而是通过将它们桥接回以太坊并将其交换为以太坊 (ETH)。
In response to the security breach, the development team acted quickly, halting the blockchain to prevent further exploitation. The halt was announced to the community with specific details: “Please be advised that the chain will be halted shortly at block height 11430400 and transactions will not be processed during this time. We will be working with the validators on Terra (phoenix-1) to apply an emergency patch thereafter to remediate a suspected exploit.”
为了应对安全漏洞,开发团队迅速采取行动,停止了区块链以防止进一步的利用。暂停已向社区宣布,并提供了具体细节:“请注意,该链将很快在区块高度 11430400 处暂停,在此期间将不会处理交易。我们将与 Terra (phoenix-1) 上的验证者合作,随后应用紧急补丁来修复可疑的漏洞。”
Approximately four hours after the halt, the dev team deployed an emergency patch to rectify the exploited vulnerability and to reinforce the blockchain’s defenses. The update was crucial in resuming normal blockchain activities: “The Terra chain has resumed block production at approximately 4:19 AM UTC today, and the emergency chain upgrade is now complete. Transactions are now being processed, and users may resume normal activities. Validators holding over 67% of the voting power on Terra have upgraded their nodes to prevent the exploit from recurring. More validators are expected to upgrade soon.”
停止后大约四个小时,开发团队部署了紧急补丁来纠正被利用的漏洞并加强区块链的防御。此次更新对于恢复正常的区块链活动至关重要:“Terra 链已于世界标准时间今天凌晨 4:19 左右恢复区块生产,紧急链升级现已完成。交易正在处理中,用户可以恢复正常活动。在 Terra 上拥有超过 67% 投票权的验证者已升级其节点,以防止该漏洞再次发生。预计很快会有更多验证器升级。”
免责声明:info@kdj.com
所提供的信息并非交易建议。根据本文提供的信息进行的任何投资,kdj.com不承担任何责任。加密货币具有高波动性,强烈建议您深入研究后,谨慎投资!
如您认为本网站上使用的内容侵犯了您的版权,请立即联系我们(info@kdj.com),我们将及时删除。
-
-
- AI代理部门经历了戏剧性的市场动荡
- 2025-04-02 16:00:12
- 在过去的两个月中,AI代理部门经历了戏剧性的市场动荡。根据cookie.fun数据,截至2025年4月1日
-
- 通过两个嘉年华促销活动庆祝BNB连锁生态系统中新合同的上市!
- 2025-04-02 15:55:12
- 为了庆祝BNB连锁生态系统中新合同的上市,我们正在启动两个促销活动供符合条件的用户参加
-
- Flare Act承诺将全额税收支出捕获加密货币矿工
- 2025-04-02 15:55:12
- 美国参议员泰德·克鲁兹(Ted Cruz)(R-TX)于3月31日宣布,引入了促进大气释放的排放(FLARE)法案
-
- 4个有希望的令牌是$ 1的最佳加密货币
- 2025-04-02 15:50:13
- 加密爱好者总是在寻找市场上隐藏的宝石。尽管比特币和以太坊仍然是巨人,但许多被低估的加密货币为增长提供了巨大的机会
-
- Dogecoin(Doge)价格预测:Doge处于正价格轨迹上,并保持强大的支持水平
- 2025-04-02 15:50:13
- 总体市场显示了看涨的迹象,比特币激增推动了整个市场的乐观浪潮。
-
- 比特币(BTC)鲸鱼钱包最近几周有显着增长,达到了2024年12月以来的最高水平
- 2025-04-02 15:45:12
- 比特币(BTC)鲸鱼钱包最近几周有显着增长,达到了2024年12月以来的最高水平。
-
-
- GameStop完成了15亿美元的可兑换高级票据,以购买比特币购买
- 2025-04-02 15:40:12
- GameStop周二宣布,它已完成了15亿美元的可转换高级票据的投资者。