AstroPort Malicious CosmWasm Reentrancy Attack
Astroport is a decentralized finance (DeFi) automated market maker (AMM) written in Rust and deployed across several blockchains in the Cosmos ecosystem, including Terra, with the aim of being the central hub for asset exchange there. It offers several specialized pool types that provide decentralized, non-custodial liquidity and price discovery for any crypto asset. On July 30th, 2024, an attacker exploited a reentrancy vulnerability in the ibc-hooks middleware used with the Inter-Blockchain Communication (IBC) protocol, a flaw that had been publicly disclosed in April 2024 as ASA-2024-007. By deploying a malicious CosmWasm contract and triggering IBC transfers that timed out, the attacker caused the timeout refund logic to execute repeatedly, minting unbacked tokens on Terra, including $ASTRO, which were then bridged out; the loss is estimated at roughly $6.4 million USD. In response, Terra halted the chain at block 11430400 to apply an emergency patch. The price of the ASTRO token dropped by up to 71%, LUNA fell about 3%, and the total value locked on Terra decreased by 15% following the incident.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18]
About Astroport
"Astroport. The future of trading" "Written from scratch in Rust, Astroport combines the best pieces of six years of development on the Ethereum blockchain and delivers it on multiple blockchains with a unique hub and outpost model." "Astroport is the central space station of the DeFi solar system, where travelers throughout the galaxy meet to exchange assets in a neutral marketplace. The philosophy behind Astroport is simple:
Enabling decentralized, non-custodial liquidity and price discovery for any crypto asset.
Astroport prioritizes flexibility, combining various specialized pool types and routing seamlessly across them."
"Astroport's vision is to become the prevailing next-generation AMM with deep liquidity pools and significant trading volumes for the Cosmos ecosystem. Better pricing will allow Astroport to attract more liquidity, leading to a self-reinforcing loop."
"The essential primitive within any DeFi ecosystem is the asset exchange functionality. Automated Market Makers (AMMs) like Astroport enable swaps in a decentralized, non-custodial, way.
With Astroport, liquidity providers (LPs) can choose different pool types within a single and effective AMM system. Thus, anyone can onboard and trade tokens in a permissionless way. Moreover, no captain or bureaucrat can stop them, as the station is owned solely by its users."
The Reality
"Through the deployment and subsequent use of a malicious CosmWasm contract via IBC interactions, an attacker could potentially execute the same MsgTimeout inside the IBC hook for the OnTimeout callback before the packet commitment is deleted. On chains where ibc-hooks wraps ICS-20, this vulnerability may allow for the logic of the OnTimeout callback of the transfer application to be recursively executed, leading to a condition that may present the opportunity for the loss of funds from the escrow account or unexpected minting of tokens."
What Happened
"According to Beosin, the attacker exploited a reentrancy vulnerability related to the interoperability function of the Cosmos ecosystem called Inter-Blockchain Communication (IBC), which was disclosed in April this year."
| Date | Event | Description |
|---|---|---|
| July 30th, 2024 6:31:23 AM MDT | Attacker Account Funded | The attacker account is funded by an Ethereum transaction. |
| July 30th, 2024 4:09:15 PM MDT | Attack Transaction | The timestamp of the attack transaction referenced by Rarma in their post on X. |
| July 30th, 2024 8:45:00 PM MDT | Tweet By Rarma | Twitter user and ASTRO holder Rarma reports that millions are moving through a wallet in a suspicious manner and that they are looking further into what is happening. |
| July 30th, 2024 10:06:00 PM MDT | Terra Blockchain Suspension Announced | Terra announces a suspension of the blockchain to "remediate a suspected exploit". |
| July 30th, 2024 10:17:05 PM MDT | Terra Blockchain Suspended | The Terra blockchain is halted at block 11430400. |
| July 30th, 2024 10:45:00 PM MDT | Astroport Acknowledgement | Astroport publishes a tweet acknowledging the exploit. |
| July 31st, 2024 1:23:00 AM MDT | Beosin Tweet Published | Beosin publishes a tweet which is later referenced by CryptoBriefing. |
| July 31st, 2024 6:32:44 AM MDT | CryptoBriefing Article Published | CryptoBriefing publishes an article about the exploit. |
Technical Details
The vulnerability is the one disclosed in ASA-2024-007 (April 2024) for the ibc-hooks middleware in ibc-go. When an ICS-20 transfer packet times out, the handler for MsgTimeout verifies the timeout, runs the transfer application's OnTimeout callback, and only then deletes the packet commitment. The OnTimeout callback is where the refund happens: escrowed native tokens are released back to the sender, or, for a token that exists on the chain only as an IBC voucher, the vouchers burned at send time are minted again. On chains where ibc-hooks wraps ICS-20, that callback is handed to a CosmWasm contract, so a malicious contract can submit another MsgTimeout for the very same packet while its commitment still exists. Each re-entry passes the commitment check and runs the refund again, draining the escrow account or minting tokens that nothing backs. This matches what Rarma observed on chain: a contract was instantiated on Terra, called with an IBC transfer that timed out, tokens arrived in the attacker's account, and those tokens were then transferred out over IBC. Terra's chain halt and emergency patch on July 30th indicate that the fix published in April had not yet been deployed there.
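To make the ordering problem concrete, the following Go program is added here as an illustration; it is not code from ibc-go, Astroport or the attacker's contract. It models the timeout path with an in-memory chain whose `Timeout` handler either deletes the packet commitment before the callback (the patched ordering) or after it (the vulnerable ordering), and a hook that behaves like the attacker's contract by re-submitting the timeout for the same packet. The type and function names (`Chain`, `Timeout`, `MaliciousHook`, `RunScenario`) and all balances are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
)

var ErrNoCommitment = errors.New("packet commitment not found")

// Packet is a simplified ICS-20 transfer packet: its sequence number, the
// sender on the source chain and the amount moved into escrow when it left.
type Packet struct {
	Sequence uint64
	Sender   string
	Amount   uint64
}

// Chain models the state that matters on the timeout path: packet
// commitments, the transfer escrow balance and per-account balances.
type Chain struct {
	commitments       map[uint64]bool
	escrow            uint64
	balances          map[string]uint64
	deleteCommitFirst bool                     // true = patched ordering
	hook              func(c *Chain, p Packet) // ibc-hooks OnTimeout callback
}

func NewChain(deleteCommitFirst bool) *Chain {
	return &Chain{
		commitments:       map[uint64]bool{},
		balances:          map[string]uint64{},
		deleteCommitFirst: deleteCommitFirst,
	}
}

// SendTransfer records the packet commitment and moves the sender's coins
// into escrow, as ICS-20 does for a native token leaving the chain.
func (c *Chain) SendTransfer(p Packet) {
	c.balances[p.Sender] -= p.Amount
	c.escrow += p.Amount
	c.commitments[p.Sequence] = true
}

// refund is the ICS-20 OnTimeout logic: return the escrowed coins to the
// sender. For a token that is an IBC voucher on this chain the real code
// re-mints the burned vouchers instead; the double execution is identical.
func (c *Chain) refund(p Packet) {
	c.escrow -= p.Amount
	c.balances[p.Sender] += p.Amount
}

// Timeout is the handler for MsgTimeout. The only difference between the
// two orderings is where the commitment is deleted relative to the callback.
func (c *Chain) Timeout(p Packet) error {
	if !c.commitments[p.Sequence] {
		return ErrNoCommitment
	}
	if c.deleteCommitFirst {
		delete(c.commitments, p.Sequence) // patched: nothing to re-enter
	}
	c.refund(p)
	if c.hook != nil {
		c.hook(c, p) // ibc-hooks hands OnTimeout to the contract
	}
	if !c.deleteCommitFirst {
		delete(c.commitments, p.Sequence) // vulnerable: too late
	}
	return nil
}

// MaliciousHook models the attacker's CosmWasm contract: its OnTimeout
// callback submits MsgTimeout for the same packet again. maxReentries
// bounds the recursion so the demo terminates; an attacker would keep going.
func MaliciousHook(maxReentries int) func(*Chain, Packet) {
	reentries := 0
	return func(c *Chain, p Packet) {
		if reentries >= maxReentries {
			return
		}
		reentries++
		_ = c.Timeout(p) // returns ErrNoCommitment under the patched ordering
	}
}

// RunScenario sends one packet from the attacker, times it out with the
// re-entering hook and returns the attacker's final balance and the escrow.
// The escrow is seeded with 1000 units standing in for other users' funds.
func RunScenario(deleteCommitFirst bool, reentries int) (attackerBalance, escrow uint64) {
	c := NewChain(deleteCommitFirst)
	c.escrow = 1000 // constructed: other users' escrowed transfers
	c.balances["attacker"] = 100
	c.hook = MaliciousHook(reentries)
	p := Packet{Sequence: 1, Sender: "attacker", Amount: 100}
	c.SendTransfer(p)
	if err := c.Timeout(p); err != nil {
		panic(err)
	}
	return c.balances["attacker"], c.escrow
}

func main() {
	b, e := RunScenario(false, 4)
	fmt.Printf("vulnerable ordering: attacker=%d escrow=%d\n", b, e)
	b, e = RunScenario(true, 4)
	fmt.Printf("patched ordering:    attacker=%d escrow=%d\n", b, e)
}
```

With four re-entries the vulnerable ordering refunds the attacker's 100-unit deposit five times, taking 400 units that belonged to other users out of escrow, while the patched ordering refunds exactly once because every re-entered call fails the commitment check. The fix is a reordering rather than a new check: the state that makes a timeout valid is consumed before any untrusted code runs, which is the same discipline as the checks-effects-interactions pattern used against reentrancy in EVM contracts.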
Total Amount Lost
The total amount lost has been estimated at $6,400,000 USD; CryptoBriefing reported the figure as roughly $6 million. The sources do not state how the estimate was calculated or give a breakdown by token, so the source of the small discrepancy between reports is not documented.
Immediate Reactions
"Actively looking into WHAT is happening. The wallet never receives more than 56 LUNA and 7.8k USDC and leaves with MILLIONS.
A contract is instantiated on Terra, which is then called with an IBC transfer that times out, and tokens arrive in the account, which then get IBC transferred out."
"Attention Terra users: Please be advised that the chain will be halted shortly at block height 11430400 and transactions will not be processed during this time.
We will be working with the validators on Terra (phoenix-1) to apply an emergency patch thereafter to remediate a suspected exploit."
"Terra chain has halted for emergency upgrades.
It appears an IBC vulnerability was exploited in order to mint several tokens on Terra chain, including $ASTRO. As the chain has now halted, no further tokens are able to be minted at this time.
The Astroport contributors are working with the other chains and Cosmos builders to determine what measures can be taken. We will keep you updated as we learn more."
"The price of the token ASTRO, native to the decentralized exchange Astroport, slumped up to 71% following the exploit news. Meanwhile, the price of the token LUNA remained relatively steady, falling 3% in the past 24 hours. The total value locked at Terra also took a hit after the exploit, shrinking by 15%."
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
The total amount recovered is unknown.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ Rekt - Astroport - Rekt (Accessed Aug 6, 2024)
- ↑ @Rarma_ Twitter (Accessed Aug 6, 2024)
- ↑ Mintscan (Accessed Aug 6, 2024)
- ↑ Ethereum Transaction Hash (Txhash) Details | Etherscan (Accessed Aug 6, 2024)
- ↑ Mintscan (Accessed Aug 6, 2024)
- ↑ ASA-2024-007: Potential Reentrancy using Timeout Callbacks in ibc-hooks · Advisory · cosmos/ibc-go · GitHub (Accessed Aug 6, 2024)
- ↑ @TobyFrei4 Twitter (Accessed Aug 6, 2024)
- ↑ @astroport_fi Twitter (Accessed Aug 6, 2024)
- ↑ @terra_money Twitter (Accessed Aug 6, 2024)
- ↑ Mintscan (Accessed Aug 6, 2024)
- ↑ Terra hit by $6 million loss as attacker exploits vulnerability known since April (Accessed Aug 6, 2024)
- ↑ @BeosinAlert Twitter (Accessed Aug 6, 2024)
- ↑ Astroport. The future of trading. (Accessed Aug 6, 2024)
- ↑ Astroport Docs (Accessed Aug 6, 2024)
- ↑ Astroport Onboarding | Astroport Docs (Accessed Aug 6, 2024)
- ↑ The Impact | Astroport Docs (Accessed Aug 6, 2024)
- ↑ The Vision | Astroport Docs (Accessed Aug 6, 2024)
- ↑ Launching the Astroport brand into the creative commons (Accessed Aug 6, 2024)