Terra 区块链黑客攻击和中断：发生了什么？

Terra 区块链遭遇重大漏洞，涉及复杂的漏洞利用，导致约 500 万美元的各种加密货币被盗。

The Terra blockchain was breached on Monday, with an attacker exploiting a vulnerability to pilfer a total of 60 million ASTRO tokens, 3.5 million USDC, 500,000 USDT, and 2.7 BTC. The specific exploit used in the attack was identified by security researcher Rarma (@Rarma_), who confirmed via X, “So yes, it appears this is the IBC hooks exploit from back in April.”

Terra 区块链周一遭到破坏，攻击者利用漏洞窃取了总计 6000 万个 ASTRO 代币、350 万个 USDC、50 万个 USDT 和 2.7 个 BTC。攻击中使用的具体漏洞由安全研究人员 Rarma (@Rarma_) 识别，他通过 X 确认，“所以，是的，这似乎是 4 月份的 IBC hooks 漏洞。”

The vulnerability, which was discovered but not patched earlier this year, allowed the attacker to manipulate the IBC transfer process, minting tokens on Terra using the exploited mechanism, and then transferring them off the platform.

该漏洞于今年早些时候被发现但尚未修补，它允许攻击者操纵 IBC 传输过程，使用所利用的机制在 Terra 上铸造代币，然后将其从平台上转移。

“Terra isn’t patched, which allowed the exploit to occur. The exploiter could mint tokens that had been IBC transferred onto Terra by utilizing a contract, IBC call (with IBC hooks), and a timeout. 3.5 Million axlUSDC, 500k USDT, 2.7BTC, 60m ASTRO tokens. Terra and Neutron IBC relayer need to stop,” Rarma added.

“Terra 没有打补丁，这导致了漏洞的发生。攻击者可以利用合约、IBC 调用（带有 IBC 挂钩）和超时来铸造已通过 IBC 传输到 Terra 的代币。 350 万个 axlUSDC、50 万个 USDT、2.7BTC、6000 万个 ASTRO 代币。 Terra 和 Neutron IBC 中继器需要停止，”Rarma 补充道。

The researcher further clarified that “the IBC’d Assets were ‘re-minted’ with this exploit into the hacker’s wallet. They then IBC Transferred them OUT. The ‘minted’ tokens were ‘burnt’ on the way out. So, from a Chain, IBC and Relayer perspective, the exploited amounts of these tokens technically don’t exist on Terra anymore. The TVL for these tokens is completely fake.”

研究人员进一步澄清说，“IBC 的资产通过此漏洞‘重新铸造’到了黑客的钱包中。然后他们将 IBC 转出。 “铸造”的代币在退出时被“烧毁”。因此，从 Chain、IBC 和 Relayer 的角度来看，这些代币的开发量从技术上讲已经不存在于 Terra 上。这些代币的 TVL 完全是假的。”

The hacker already exited his stolen assets, not via Cosmos, but by bridging them back to Ethereum and swapping them for Ether (ETH).

黑客已经退出了他被盗的资产，不是通过 Cosmos，而是通过将它们桥接回以太坊并将其交换为以太坊 (ETH)。

In response to the security breach, the development team acted quickly, halting the blockchain to prevent further exploitation. The halt was announced to the community with specific details: “Please be advised that the chain will be halted shortly at block height 11430400 and transactions will not be processed during this time. We will be working with the validators on Terra (phoenix-1) to apply an emergency patch thereafter to remediate a suspected exploit.”

为了应对安全漏洞，开发团队迅速采取行动，停止了区块链以防止进一步的利用。暂停已向社区宣布，并提供了具体细节：“请注意，该链将很快在区块高度 11430400 处暂停，在此期间将不会处理交易。我们将与 Terra (phoenix-1) 上的验证者合作，随后应用紧急补丁来修复可疑的漏洞。”

Approximately four hours after the halt, the dev team deployed an emergency patch to rectify the exploited vulnerability and to reinforce the blockchain’s defenses. The update was crucial in resuming normal blockchain activities: “The Terra chain has resumed block production at approximately 4:19 AM UTC today, and the emergency chain upgrade is now complete. Transactions are now being processed, and users may resume normal activities. Validators holding over 67% of the voting power on Terra have upgraded their nodes to prevent the exploit from recurring. More validators are expected to upgrade soon.”

停止后大约四个小时，开发团队部署了紧急补丁来纠正被利用的漏洞并加强区块链的防御。此次更新对于恢复正常的区块链活动至关重要：“Terra 链已于世界标准时间今天凌晨 4:19 左右恢复区块生产，紧急链升级现已完成。交易正在处理中，用户可以恢复正常活动。在 Terra 上拥有超过 67% 投票权的验证者已升级其节点，以防止该漏洞再次发生。预计很快会有更多验证器升级。”