Astroport Hack: $6.4 Million Loss and Security Failures

Astroport Exploit Analysis: How a $6.4 Million Hack Revealed Critical Security Gaps and the Impact of Regulatory Actions on Terra's Resilience

TL;DR

On July 30th, Astroport on the Terra network suffered a $6.4 million hack due to a reintroduced IBC vulnerability. Despite early warnings from Jacob Gadikian, the issue was ignored. The exploit's success was exacerbated by reduced team capacity following SEC actions, underscoring the need for improved security practices.

On July 30th, Astroport, a decentralized exchange (DEX) on the Terra network, was hacked, resulting in a loss of approximately $6.4 million.

The attacker exploited a vulnerability that had been patched in April but was accidentally reintroduced during a June upgrade.

This incident raises serious concerns about security practices, especially in light of recent SEC regulatory actions against Terraform Labs (TFL).

The hack highlights the complex relationship between regulatory measures and ecosystem security, revealing potential weaknesses in maintaining critical infrastructure.

It also emphasizes the importance of addressing security warnings and implementing robust processes to avoid reintroducing known vulnerabilities.

This event is more than just another DeFi exploit; it serves as a stark reminder of the consequences of neglecting security warnings and regulatory impacts.

As crypto heists become more frequent, the recurrence of old bugs and overlooked warnings begs the question: who's really to blame?

The name Terra, also known as Luna, evokes a range of emotions, from nostalgia to distress, depending on one's experience.

Following the collapse of its algorithmic stablecoin, Terra 2.0 emerged, offering a fresh start akin to a phoenix rising from the ashes.

However, in the unpredictable realm of cryptocurrency, some problems persist.

Rarma first identified suspicious transactions involving millions of dollars, lamenting the losses alongside other ASTRO holders, including himself.

Astroport soon confirmed the exploit.

As the exploit unfolded, Terra's validators acted swiftly, halting the chain to prevent further damage.

Ironically, a critical IBC bug that had been addressed in an April emergency patch across Cosmos chains reemerged in Terra's June upgrade.

Like a horror movie villain making a dramatic comeback, this vulnerability resurfaced, setting the stage for another crypto heist.

The attacker exploited this reintroduced bug, taking advantage of a reentrancy flaw in the timeout callback of ibc-hooks, to illicitly create tokens, leaving Terra's defenses compromised.

The exploit resulted in the illicit acquisition of 60 million ASTRO tokens, 3.5 million USDC, 500,000 USDT, and 2.7 BTC, amounting to approximately $6.4 million.

Approximately 3.5 hours after halting the chain, Terra resumed operations. The emergency upgrade was successfully implemented, restoring transaction capabilities.

Validators, representing over 67% of Terra's voting power, upgraded their nodes to prevent further exploitation, with more validators expected to follow.

Astroport quickly froze the attacker's Terra address, which held 20 million ASTRO tokens, effectively rendering the stolen assets inaccessible.

The final assessment reveals a significant theft of 58 million ASTRO tokens, with 33 million of these tokens being transferred to the Neutron network.

On Neutron, the stolen ASTRO tokens were removed from the attacker’s wallet through a TokenFactory Force Transfer process.

The remaining 20 million ASTRO tokens on Terra were swiftly blacklisted.

Following the attack, ASTRO's value dropped by approximately 56%, according to Coingecko data.

Attacker’s Addresses involved:

Additionally, some funds were bridged to Ethereum and exchanged for ETH.

In a twist that adds significant frustration to the incident, it has emerged that vulnerabilities were previously flagged by Jacob Gadikian, a well-known figure in the Cosmos ecosystem.

Gadikian had recently pointed out these risks, but his warnings were largely ignored by those responsible for addressing such issues.

Following the hack, Gadikian expressed his disillusionment, stating, "This is why I stopped: coordinated harassment endured while making security reports."

He had also proposed a solution to mitigate the vulnerability.

“When there's a security patch in comet, IBC, cosmos, etc, that shows in go.mod and that is why I automated it. This PR changes two files, go.mod and go.sum”

Jacob Gadikian added, "If Amulet had been following my approach, this incident could have been prevented. Setting up monitoring for all Cosmos chains based on go.mod is straightforward. I know because I did it."

His experience underscores serious concerns about the ecosystem's security practices and the treatment of individuals who raise alarms.
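
The go.mod-based monitoring described in the quotes above can be turned into a release gate that fails when a dependency is built below its patched version, including when a `replace` directive quietly pins an older fork. This is an added example, not code from Gadikian, Terra or Astroport; the module paths, versions and the names `Regressions`, `verKey` and `sampleGoMod` are constructed for illustration, and versions are compared on MAJOR.MINOR.PATCH only.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample, hypothetical paths: require is patched, replace pins an older fork.
const sampleGoMod = `module example.com/chain
require (
	example.com/ibc-hooks v1.4.2
	example.com/sdk v0.47.5 // indirect
)
replace example.com/ibc-hooks => example.com/fork/ibc-hooks v1.3.0
`

// verKey orders vMAJOR.MINOR.PATCH. Suffixes (-rc1, +incompatible) are ignored
// and non-versions such as local paths score 0, so they get flagged for review.
func verKey(v string) int {
	var a, b, c int
	fmt.Sscanf(v, "v%d.%d.%d", &a, &b, &c)
	return (a*100000+b)*100000 + c
}

// Regressions maps each module built below its patched minimum to the version built.
func Regressions(gomod string, minPatched map[string]string) map[string]string {
	eff, replaced, bad := map[string]string{}, map[string]bool{}, map[string]string{}
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.SplitN(line, "//", 2)[0]) // drop comments
		if len(f) > 0 && (f[0] == "require" || f[0] == "replace") {
			f = f[1:]
		}
		if len(f) >= 3 && (f[1] == "=>" || f[2] == "=>") { // replace wins, in either order
			eff[f[0]], replaced[f[0]] = f[len(f)-1], true
		} else if len(f) == 2 && strings.HasPrefix(f[1], "v") && !replaced[f[0]] {
			eff[f[0]] = f[1]
		}
	}
	for mod, want := range minPatched {
		if got, ok := eff[mod]; ok && verKey(got) < verKey(want) {
			bad[mod] = got
		}
	}
	return bad
}

func main() {
	fmt.Println(Regressions(sampleGoMod, map[string]string{"example.com/ibc-hooks": "v1.4.2"}))
}
```

Run against every release branch, a non-empty result means a previously patched dependency has been rolled back and the upgrade should not ship until that is explained.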

In the complex and often contentious world of IBC, it's crucial to consider multiple perspectives.

Compounding the situation, it appears Terra's development team may have been severely compromised.

GabrielShapir0 highlighted that while Terra/TFL had patched the vulnerability in April, it was inadvertently reintroduced in a subsequent update. Given the potential reduction in TFL’s workforce following SEC actions, such oversights might have been more likely.

Zaki Manian confirmed, "Terra was involved in the original vulnerability coordination but accidentally reverted the patch in the June upgrade."

The success of the exploit may be partially attributed to the reduced capacity of the Terra team following the SEC's actions against Terraform Labs.

While the SEC's measures were intended to protect investors, they may have inadvertently created a security gap.

As aptly noted by GabrielShapir0, the SEC's shutdown of TFL led to a situation where no one was available to address a known Terra vulnerability, resulting in the minting of infinite $ASTRO and its subsequent collapse.

As the Astroport incident continues to unfold, it reveals a complex tapestry of patched and unpatched vulnerabilities, overlooked warnings, and the aftermath of regulatory actions.

Terra’s attempt at revival seems to have inherited not just its predecessor’s name but also its vulnerabilities.

In this ongoing cycle of exploits and blame-shifting, one must question: how many more project failures must the crypto industry experience before it prioritizes robust security over assigning blame?

Squarespace's handling of recent security issues serves as a stark reminder of the dangers of Web2 complacency in a Web3 world.

Their inadequate response and apparent neglect of the specialized security needs of crypto projects have led to compromised domains and eroded trust.

One wonders if Squarespace might offer compensation akin to the $10 Uber Eats gift cards that Crowdstrike allegedly provided, which seems unlikely to cover the damages adequately.

This incident underscores a crucial lesson for the crypto industry: regardless of the sophistication of your blockchain, security is only as strong as your weakest centralized component.

With nearly a year to manage the migration from Google Domains, one has to question whether Squarespace prioritized choosing fonts for their error pages over securing millions of domains.

It is imperative for crypto projects to critically evaluate their infrastructure and adopt security practices commensurate with the high-stakes nature of their operations.

As the industry advances toward a decentralized future, relying on the fragile frameworks of Web2 presents a significant risk. The frequent central points of failure highlight a critical vulnerability that must be addressed.

This situation raises a crucial question: is it time for the crypto world to establish its own robust security foundations from the ground up?

If fundamental components like domain registrars cannot be trusted, how can we expect broader adoption and trust in the future of finance?
