The Terra blockchain halted block production for around four hours on Tuesday to patch an exploit that resulted in the theft of tokens worth around $4 million.
The Terra team announced that block production would be halted in a post on X, saying that no transactions would be processed until validators had deployed an emergency patch to remediate a suspected exploit.
Blockchain security firm Beosin estimated that the exploiter had stolen around 60 million ASTRO, 3.5 million USDC, 500,000 USDT and 2.7 BTC — the total value of which exceeded $4 million at the time of the exploit. However, the value of ASTRO has since plummeted 55% to $0.02084.
Users who followed the flow of funds found that the activity resembled an IBC hooks exploit that was flagged in April. IBC hooks is a third-party module used to allow ICS-20 token transfers to initiate contract calls.
That exploit would allow the attacker to mint tokens by taking advantage of the flaw in the contract into the hacker’s wallet. One user tracing the hacker’s onchain activity found that the hacker had bridged the stolen assets back to ether.
IBC-enabled chains deployed a patch for the vulnerability when it was flagged earlier this year. Although Terra was one of those chains, Sommelier Protocol’s Zaki Manian told The Block that Terra developers missed including this patch in a recent June upgrade.
“All the Axelar USDC bridged to Terra was stolen using the IBC hooks exploit. A large amount of ASTRO was also stolen,” Manian said.
The Terra blockchain resumed producing blocks at around shortly after midnight ET after deploying an emergency fix.
July 31, 6:58 a.m. ET: This article’s headline was updated for accuracy reasons.