- Terra blockchain halted operations on Wednesday after a reentrancy attack exploited a vulnerability, with over $4 million in various tokens stolen.
- The exploit targeted a vulnerability that had been disclosed in April, but reappeared in a June upgrade.
Terra developers briefly paused network operations on Wednesday after an apparent reentrancy attack led to over $4 million of various tokens being taken from the blockchain.
The blockchain halted at block height 11430400 for an emergency patch to fix the vulnerability. The fix was completed at 04:19 UTC. Validators (the entities that support the network) holding over 67% of the voting power on Terra upgraded their nodes to prevent the exploit from recurring, according to a post on X.
Security firm Beosin estimated $3.5 million of the USDC stablecoin, $500,000 in the USDT stablecoin, 2.7 bitcoin (BTC) and more than 60 million of Astroport’s ASTRO were stolen in the attack.
“The attacker exploited a reentrancy vulnerability in the timeout callback of ibc-hooks,” Beosin said. “The vulnerability was disclosed in April this year.”
Terra blockchain was exploited for ~60M $ASTRO, 3.5M $USDC, 500k $USDT, and 2.7 $BTC.
The attacker exploited a reentrancy vulnerability in the timeout callback of ibc-hooks. The vulnerability was disclosed in April this year: https://t.co/CY39X28KyE https://t.co/hY9xA40hbJ
— Beosin Alert (@BeosinAlert) July 31, 2024
ASTRO fell 56% in the aftermath of the attack, CoinGecko data shows. Meanwhile, Terra's luna classic (LUNC) tokens are down 3.4% in the past 24 hours.
Reentrancy is a common bug that allows exploiters to trick a smart contract by making repeated calls to a protocol to steal assets. A call authorizes the smart contract address to interact with a user’s wallet address.
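The bug class described above, as an added example that is not part of the original article and does not reproduce the ibc-hooks code or any Terra contract. It is a simplified Python model in which a vault hands control to a caller-supplied callback before updating its ledger, shown beside a hardened version; the class names, account names and amounts are constructed for illustration.

```python
# Simplified, constructed model of reentrancy (not ibc-hooks or Terra code).
class VulnerableVault:
    """Pays out through an external callback BEFORE updating its own ledger."""
    def __init__(self, balances):
        self.balances = dict(balances)
        self.reserves = sum(balances.values())

    def withdraw(self, who, on_receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.reserves < amount:
            return
        self.reserves -= amount        # funds leave the vault
        on_receive(amount)             # external call: control leaves the vault
        self.balances[who] = 0         # ledger update happens too late

class HardenedVault(VulnerableVault):
    """Checks-effects-interactions ordering plus a reentrancy lock."""
    def __init__(self, balances):
        super().__init__(balances)
        self._locked = False

    def withdraw(self, who, on_receive):
        if self._locked:
            raise RuntimeError("reentrant call rejected")
        amount = self.balances.get(who, 0)
        if amount == 0 or self.reserves < amount:
            return
        self._locked = True
        try:
            self.balances[who] = 0     # effect first: ledger is zeroed
            self.reserves -= amount
            on_receive(amount)         # interaction last
        finally:
            self._locked = False

def simulate(vault_cls, max_depth=3):
    """Return (total paid to the re-entering account, reserves left)."""
    vault = vault_cls({"alice": 100, "mallory": 10})  # constructed sample ledger
    received = []
    def callback(amount):
        received.append(amount)
        if len(received) < max_depth:
            try:
                vault.withdraw("mallory", callback)   # re-enter during payout
            except RuntimeError:
                pass                                  # hardened vault refuses
    vault.withdraw("mallory", callback)
    return sum(received), vault.reserves
```

With the vulnerable ordering, the account with a balance of 10 is paid 30 out of other depositors' reserves; with the hardened ordering it is paid exactly 10.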