Attackers exploit IBC hooks vulnerability to steal around $3 million in tokens from the Terra blockchain.

Odaily Planet Daily News reported that Terra blockchain has disclosed a security vulnerability on its network. An unknown attacker exploited a known vulnerability related to the third-party module IBC hooks, which is used for cross-chain contract calls and token transfers. The attacker used this loophole to steal funds from bridged assets, including $USDC and Astroport tokens. Initial estimates indicate that tokens worth approximately 3 million US dollars may be affected. Upon discovering the incident, Terra implemented emergency measures to prevent further damage and ensure that no additional tokens are stolen during the vulnerability resolution. It is reported that the vulnerability was discovered several months ago and was patched across the entire Cosmos ecosystem in April. However, Zaki Manian, co-founder of Sommelier Finance, explained that the June upgrade of Terra did not include this patch, leading to the subsequent attack (The Block). Earlier today, Terra tweeted that the Terra chain briefly paused at block height 11430400, during which transactions will not be processed. Terra will collaborate with validators on Terra (phoenix-1) to apply an emergency patch to fix the suspicious vulnerability.