The native token of Terra-based automated market maker (AMM) Astroport fell over 60% on Wednesday following a $4 million security exploit of the Terra network. The token slumped from $0.0465 to as low as $0.01367 before rebounding to $0.02099 at press time.
The Terra network announced that its blockchain has halted at block height 11430400 and will stop processing transactions temporarily. In an X post, Terra stated it was working with Terra’s Phoenix-1 validators to remedy the situation.
“We will be working with the validators at Terra (phoenix-1) to apply an emergency patch thereafter to remediate a suspected exploit,” the X update said.
Hacker Exploits Terra’s Vulnerability
A report showed that the hacker exploited a known vulnerability in IBC hooks, a third-party module that allowed cross-chain contract calls and token transfers. This led to the exploiter siphoning 60 million ASTRO, 3.5 million USDC, 500,000 USDT, and 2.7 BTC.
The vulnerability was first discovered in April in the Cosmos ecosystem, and the blockchain quickly upgraded its blockchain to expedite the loophole. However, an upgrade on the Terra network in June failed to include a patch for this vulnerability, and the hacker took advantage of the omission.
“There was a vulnerability in IBC hooks discovered by Composable Finance in April. It was patched across Cosmos. Terra was patched then. It appears that Terra’s June upgrade did not include the patch. All the Axelar UASC bridged to Terra was stolen using the IBC hooks exploit. A large amount of ASTRO was also stolen,” Zaki Manian, the co-founder of Sommelier Protocol, said.
Terra Resumes Operations
Terra quickly halted its network after discovering the unusual activity to prevent the hacker from stealing more funds before announcing it would apply an emergency patch to fix the vulnerability. The blockchain announced it had resumed block production four hours after the exploit but had not revealed further details about the hack at press time.
The exploit was a setback for Terra, who had just settled a long case with the US Securities and Exchange Commission (SEC) last month. CoinTab reported that Terraform Lab agreed to pay $4.5 billion to the Wall Street watchdog and refrain from crypto-related activities.