Terra Exploit Causes 60% Drop in Astroport (ASTRO) Price

Astroport’s (ASTRO) price plunged 60% on Wednesday, bearing the brunt of an attack on Terra’s blockchain. The attacker looted almost $5 million in various tokens, causing the network to halt transactions for an emergency patch.

Such attacks usually capitalize on system vulnerability. They have become increasingly sophisticated, affecting unsuspecting investors and causing significant financial damage.

Astroport Suffers in Terra Blockchain Attack

In the Terra blockchain attack, the exploiter stole 60 million ASTRO, 3.5 million USDC, 500,000 USDT stablecoins, and 2.7 Bitcoin. The specific tokens, being the only non-native tokens with meaningful liquidity on Terra, likely attracted attention and became targets.

The attacker has sold most of the tokens and bridged them to Ethereum (ETH). Since the exploiter still has some left, traders anticipate a further downside for ASTRO. 

I can’t believe people are actively trading ASTRO right now while the exploiter still has 19m tokens in their wallet valued at around $350k,” one user said.

Read more: Crypto Project Security: A Guide to Early Threat Detection

ASTRO token’s dip comes as Astroport provides Automated Market Maker (AMM) services to the Terra ecosystem. Astroport is a decentralized, permissionless, open-source marketplace governed by community members and ASTRO token holders. The Astroport AMM enables traders to use Terra’s most popular decentralized exchange on Terra 2.0 and Terra Classic.

“As momentum behind Terra 2.0 grows, Astroport’s community members have spoken loudly. They see a need for an automated market maker (AMM) that they know and trust on Terra 2.0. Astrochad agrees,” a paragraph in the blog read, announcing the collaboration in 2022.

How The Recent Exploit Happened

In the Terra blockchain incident, the attacker exploited a reentrancy vulnerability in the timeout callback of IBC hooks associated with a third-party module. Smart contract auditor Beosin indicates that this vulnerability was disclosed in April. While patched, the bug was inadvertently reintroduced in a chain update in June. 

IBC-hooks Vulnerability in the Terra Blockchain Attack. Source GitHub

After acknowledging the attack, Terra halted the blockchain, allowing for an emergency patch and exploit remediation. According to an official update, the process is complete, and operations are back to normal.

“The Terra chain has resumed block production at approximately 4:19 AM UTC today and the emergency chain upgrade is now complete. Transactions are now being processed, and users may resume normal activities,” the update read.

Following the incident, however, the network implemented new changes. Among them, validators holding over 67% of the voting power on Terra upgraded their nodes to prevent the exploit from recurring. More validators will upgrade soon.

Nevertheless, this incident shows that attacks continue to prey on system vulnerabilities. Only recently, WazirX, a major Indian crypto exchange, suffered a $230 million loss from a cyber-attack, impacting nearly half its reserves.

Read more: Top 9 Safest Crypto Exchanges in 2024

As hackers continue to prey on crypto projects, Terra’s incident shows that even an audit cannot guarantee a project’s safety. This is why it is especially important to preemptively consider the actions required to control the damages if an attack has already happened.