Cosmos developers fix vulnerability with $126 million in potential damage

What’s new? The developers of the Cosmos blockchain ecosystem have fixed a critical vulnerability in the Inter-Blockchain Communication (IBC) protocol that could have resulted in a loss of at least $126 million. This was announced by blockchain audit firm Asymmetric Research, which discovered the vulnerability as part of the Cosmos HackerOne Bug Bounty white-hat hacker bounty program and privately reported it to the developers.

Source: Twitter.com

What else is known? The bug allowed hackers to perform a reentrancy attack and issue an unlimited number of tokens in Cosmos ecosystem blockchains connected to the IBC protocol, such as Osmosis. That said, the presence of limits in Osmosis could have prevented or at least mitigated the potential damage.

What is Cosmos (ATOM)

We explain the structure of the ecosystem for creating blockchains

Read more

The bug has existed since the launch of IBC in 2021, but only became available for exploit after the recent launch of a third-party IBC middleware application for transferring ICS20 standard tokens between blockchains.

The bug in the protocol was fixed by Cosmos developer Carlos Rodríguez about three weeks ago. According to Asymmetric Research, hackers were unable to detect it and perform an exploit using it, so no funds were lost.

In October 2022, another critical security vulnerability was identified in the IBC protocol that could also affect all networks connected to the IBC. It was also patched before the attack occurred.

In February 2023, dWallet Labs auditors discovered a $500 million zero-day vulnerability in the TRON blockchain, which was also patched before the exploit occurred.

Cosmos Hub rejects a proposal to reduce the maximum inflation rate to zero

The indicator remained at 7%

Read more

In April this year, real-world asset tokenization platform Ondo Finance partnered with blockchain Noble to announce the issuance of USDY tokenized US Treasury bonds with a yield of ,2% per annum in the Cosmos ecosystem. They are now already available on Ethereum, Solana, Mantle, and Sui.

Also, this month, Grayscale investment company, which manages the GBTC spot bitcoin exchange-traded fund, completely sold Cosmos (ATOM) native tokens from the portfolio of its Grayscale Smart Contract Platform Ex-Ethereum Fund (GSCPxE) fund.