Terra Blockchain Restarts After $4M Exploit

• Terra blockchain halted operations on Wednesday after a reentrancy attack exploited a vulnerability, with over $4 million in various tokens stolen.
• The exploit targeted a vulnerability that had been disclosed in April, but reappeared in a June upgrade.

Terra developers briefly paused network operations on Wednesday after an apparent reentrancy attack led to over $4 million of various tokens being taken from the blockchain.

The blockchain halted at block height 11430400 for an emergency patch to fix the vulnerability. The fix was completed at 04:19 UTC. Validators, the entities that support the network, with over 67% of the voting power on Terra upgraded their nodes to prevent the exploit from recurring, according to a post on the X.

Security firm Beosin estimated $3.5 million of the USDC stablecoin, $500,000 in the USDT stablecoin, 2.7 bitcoin BTC$77,640.65 and more than 60 million of Astroport’s ASTRO were stolen in the attack.

“The attacker exploited a reentrancy vulnerability in the timeout callback of ibc-hooks,” Beosin said. “The vulnerability was disclosed in April this year.”

ASTRO fell 56% in the aftermath of the attack, CoinGecko data shows. Meanwhile, Terra's luna classic (LUNC) tokens are down 3.4% in the past 24 hours.

Reentrancy is a common bug that allows exploiters to trick a smart contract by making repeated calls to a protocol to steal assets. A call authorizes the smart contract address to interact with a user’s wallet address.