The Terra blockchain recently experienced a security breach that led to the theft of millions of tokens. The attack targeted a weakness in a third-party tool called IBC hooks, which helps manage transactions between different blockchains, according to crypto researcher Rarma on X.
The hackers were able to steal assets like the USDC stablecoin and Astroport tokens. Early estimates suggest around $5.28 million worth of tokens were compromised.
Terra Takes Emergency Action
In response to the breach, Terra quickly put out an emergency update to fix the vulnerability and protect against future attacks. The team announced, “We will work with Terra’s validators to apply an emergency patch to fix the issue.”
The exploited vulnerability was first found and fixed in the Cosmos ecosystem in April. However, a June update for Terra missed this crucial fix, leaving the system open to attack.
According to the smart contract audit firm Beosin, the stolen assets included about $60 million in Astroport tokens, $3.5 million in USDC, $500,000 in USDT, and $2.7 million in Bitcoin.
Zaki Manian from Sommelier Finance explained that while the vulnerability was patched for Cosmos in April, Terra’s June upgrade didn’t include this fix. As a result, stolen funds included a significant amount of Axelar USDC and Astroport tokens.
Terra, which was created after the Terra Classic network collapsed in 2022 due to problems with its stablecoin, has now resumed normal operations.
Crypto Market Recovers Stolen Funds
Despite the challenges, the cryptocurrency market showed strong recovery efforts in the second quarter of 2024. The market managed to recover 77% of stolen funds, totaling $347.4 million out of $512.9 million lost, according to Hacken’s Web3 Security Report Q2 2024.
The report noted that this marks the second quarter in a row where a significant amount of stolen crypto was recovered.
However, cryptocurrency scams remain a big issue, especially on X, where nearly $50 million is lost each month due to account impersonation, according to Scam Sniffer, a web3 anti-scam company. Concerns about these scams have even reached Binance co-founder Yi He, who is questioning if enough is being done to address the problem.