Terra exploited for $6.8m due to reentrancy vulnerability: report

Infamous blockchain protocol Terra has recently been allegedly exploited due to a vulnerability that was revealed months ago.

According to a Cyvers Alerts post on X today, July 31, hackers have stolen 60 million ASTRO, 3.5 million USDC, 500,000 USDT and 2.7 Bitcoin (BTC) from the Terra blockchain. The total amount of reported losses has reached roughly $6.8 million.

Per the blockchain security company, hackers found a vulnerability in the network’s timeout callback of IBC hooks. This allows the attackers to execute a transaction repetitively that might potentially result in the loss of funds or minting extra tokens.

Cyvers Alerts claims that this vulnerability was “revealed in April of this year.”

Just hours before Cyvers Alerts’ X post, Terra’s official X page posted that the network was halted to “apply an emergency patch” due to an alleged exploit. 

At 07:40 UTC, Terra announced that the blockchain had resumed its operations and the emergency upgrade had been completed. The X post added:

“Transactions are now being processed, and users may resume normal activities.”

However, Terra did not share the details and the amount of assets lost yet. 

Notably, the ASTRO price suddenly plunged by 60% after Terra halted the network operations. 

Terra (LUNA) collapsed in May 2022 after Terraform Labs’ now infamous algorithmic stablecoin, TerraUSD (UST), de-pegged from the U.S. dollar. The company’s co-founder, Do Kwon — who was arrested by Interpol in March 2023 — has been marked as one of the main reasons for the downfall of Terraform Labs as the latest evidence shows that he deceived investors with fake transactions.