Terra Blockchain Halts Operations Following $4 Million Reentrancy Attack

Terra developers paused network operations on Wednesday after a reentrancy attack led to the theft of over $4 million worth of various tokens from the blockchain. The network was halted at block height 11430400 to implement an emergency patch addressing the vulnerability. The fix was completed at 04:19 UTC, with over 67% of Terra validators upgrading their nodes to prevent future exploits.

According to security firm Beosin, the attacker exploited a reentrancy vulnerability in the timeout callback of ibc-hooks, a flaw disclosed as early as April this year. The estimated losses include $3.5 million in USDC stablecoin, $500,000 in USDT stablecoin, 2.7 Bitcoin (BTC), and more than 60 million of Astroport’s ASTRO tokens.

“The attacker exploited a reentrancy vulnerability in the timeout callback of ibc-hooks,” Beosin reported. “The vulnerability was disclosed in April this year.”

The aftermath of the attack saw significant market impacts. Data from CoinGecko shows ASTRO fell 56%, while Terra’s Luna Classic (LUNC) tokens dropped 3.4% in the past 24 hours. ASTRO, which was trading around $0.045 before the exploit, plummeted to as low as $0.01313 by 3:00 am UTC on July 31. The price has since stabilized around $0.018, reducing the value of the allegedly stolen 60 million ASTRO tokens from approximately $2.7 million to $1.08 million.

Despite the stolen tokens representing only 5.5% of the total supply, the incident has set a new all-time low (ATL) for the Astroport decentralized marketplace.

This attack adds to a tumultuous period for Terraform Labs. On June 12, the company agreed to a $4.47 billion settlement with the United States Securities and Exchange Commission (SEC), which included $3.6 billion in disgorgement fines, a $420 million civil penalty, and nearly $467 million in prejudgement interest. Former CEO Do Kwon was held personally liable for about $204 million following the Terra ecosystem collapse, which resulted in $40 billion in investor losses.

On July 19, Terraform Labs announced the reopening of the Shuttle Bridge, allowing users to redeem their sealed assets on the Terra Classic blockchain. An X post by Terra informed the community that a recent bankruptcy court order in the firm’s Chapter 11 case would permit the undelegation and burning of 150 million LUNA tokens. Users have a 30-day window to redeem their wrapped assets through the Shuttle Bridge wallet. After this period, the Bridge will be permanently closed, and any remaining assets will be destroyed.

The Terra community continues to grapple with the aftermath of these events, facing both market volatility and the challenges of rebuilding trust and security within the ecosystem. As the story unfolds, stakeholders and observers alike watch closely, hoping for stability and recovery in the wake of this latest incident.

Digital Assets Desk