Terra Luna's Blockchain Security Breach
Terra Luna's blockchain encountered a significant security breach that resulted in a loss of $6.8 million due to a complex exploit, intensifying the challenges faced by the chain.
- By exploiting a known vulnerability that had been left unpatched, an anonymous hacker illicitly minted tokens on Terra's platform, with substantial financial consequences.
- This detrimental event unfolded shortly after TerraForm Labs' announcement regarding a repayment strategy, further unsettling the community.
- Despite the identification of the wrongdoer by Terra's community, the drained funds remain untraceable.
The struggles for Terra Luna continued as the native chain of TerraForm Labs encountered a temporary suspension at block 11430400 on July 31, 2024. This interruption stemmed from multiple alerts by blockchain intelligence platforms regarding the drainage of over $6 million in digital assets, including ASTRO tokens linked to Astroport's liquidity ecosystem on Terra Luna's chain.
Alongside the ASTRO tokens, substantial amounts of Circle USD (USDC), Tether USD (USDT), and Bitcoin (BTC) were also siphoned during the breach, bringing the total loss to $6.8 million.
The breach came shortly after TerraForm Labs introduced a timeline for crypto loss claims in response to the tumult surrounding the 2022 Terra Luna crisis.
Exploiting Terra's Security Weakness
Astroport disclosed that Terra's Inter-Blockchain Communication (IBC) vulnerability was identified in April 2024, leaving an opening for exploitation for as long as the chain stayed unpatched.
Capitalizing on Terra's unpatched system, the hacker generated new tokens using an IBC call contract embedded with hooks and a timeout mechanism. Although the vulnerability had been public knowledge since April, the June 2024 upgrade on Terra 2.0 failed to close this loophole, which allowed the breach to unfold.
Through a series of modest transfers, each below 56 LUNA or 7,800 USDC, the hacker amassed a sizable sum of $6.8 million. The perpetrator then funneled the stolen assets to Ethereum through a cross-chain bridge and converted them into Ether (ETH).
Despite Terra's community tracking the hacker's crypto address, recovering the digital funds remains a challenging prospect. The hacker utilized a third-party module for cross-chain contracts and token transfers between different blockchain networks.
Community Reflections and Proactive Measures
The holder community of Terra Luna expressed regret over the setback, particularly lamenting the reversal of the IBC-related upgrade during the June chain update. Ethan Buchman, co-founder of Cosmos Chains, emphasized the pivotal role of this reversal in facilitating the hacking incident.
Buchman pointed to Terra 2.0's reliance on an outdated fork of IBC-go 7.3.x, last updated in September 2023, as a critical factor in the chain missing crucial security patches. To avert similar crises, Buchman advocated for a comprehensive initiative to unfork projects and apply necessary security updates across the ecosystem.
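An added example (not from the article and not Terra's or Cosmos's own code) of a check for the condition Buchman describes: it reads a go.mod file and reports when the ibc-go dependency is redirected to a fork or sits below a minimum version. The sample file, the fork path, every version string and the `floor` argument are constructed placeholders; the real minimum comes from the upstream advisory.

```python
import re

# Core upstream module path (v1 has no suffix, later majors end in /vN).
CORE = re.compile(r"github\.com/cosmos/ibc-go(/v\d+)?$")

# Constructed sample go.mod: the fork path and every version are placeholders,
# not taken from Terra's repository.
SAMPLE_GO_MOD = """\
module example.com/chain
require (
    github.com/cosmos/cosmos-sdk v0.47.5
    github.com/cosmos/ibc-go/v7 v7.3.0 // declared, but overridden below
)
replace github.com/cosmos/ibc-go/v7 => example.com/fork/ibc-go/v7 v7.3.1
"""


def _semver(version):
    """(major, minor, patch) as ints; pre-release suffixes ignored; None if absent."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version or "")
    return tuple(map(int, m.groups())) if m else None


def audit_ibc(go_mod, floor):
    """Resolve the ibc-go source a build compiles; `floor` is the operator's minimum."""
    declared = effective = None
    for raw in go_mod.splitlines():
        left, arrow, right = raw.split("//", 1)[0].partition("=>")
        lhs = [t for t in left.split() if t not in ("require", "replace", "(", ")")]
        if not lhs or not CORE.match(lhs[0]):
            continue
        rhs = right.split()
        if arrow and rhs:  # replace: silently overrides the require line
            effective = (rhs[0], rhs[1] if len(rhs) > 1 else None)
        elif not arrow and len(lhs) > 1:
            declared = (lhs[0], lhs[1])
    source, version = effective or declared or (None, None)
    if source is None:
        return {"source": None, "version": None, "issues": ["ibc-go not required"]}
    issues = []
    if not CORE.match(source):
        issues.append("fork: upstream security releases are not picked up automatically")
    if _semver(version) is None:
        issues.append("no version on replacement: cannot compare against floor")
    elif _semver(version) < _semver(floor):
        issues.append(f"{version} is below floor {floor}")
    return {"source": source, "version": version, "issues": issues}
```

Calling `audit_ibc(SAMPLE_GO_MOD, floor)` in CI with the fixed release as `floor` makes a silent `replace` onto a stale fork fail the build instead of surfacing after an incident.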
The security breach had a profound impact on Terra's native cryptocurrency, with LUNA witnessing a drop to $0.369 on August 1, 2024. While Terra 2.0 bore the brunt of the IBC-related exploit, the original Terra Luna Classic (LUNC) chain remained unaffected.
Genuine Labs promptly fortified the security of Terra Luna Classic (LUNC) by implementing the requisite patch in May 2024, exemplifying the importance of proactive security measures and timely upgrades in safeguarding blockchain platforms against vulnerabilities.