Terra Chain has been suspended due to emergency upgrades, according to Beosin Alert monitoring and warnings. It seems that someone has used an IBC vulnerability to mint multiple tokens on the Terra Chain, including ASTRO. Beosin security team analysis found that after the attacker instantiated the contract on Terra, they used the re-entry vulnerability of the timeout callback in ibc-hooks to transfer about 60 million ASTRO, 3.5 million USDC, 500,000 USDT, and 2.7 BTC. This vulnerability was disclosed in April of this year and belongs to a vulnerability in the cosmos basic library, but Terra has not fixed it.
All Comments