Cosmos developers fix vulnerability with $126 million in potential damage
A critical bug was discovered by a third-party company and fixed by a blockchain developer about three weeks ago
24.04.2024 - 15:20
49
3 min
0
What’s new? The developers of the Cosmos blockchain ecosystem have fixed a critical vulnerability in the Inter-Blockchain Communication (IBC) protocol that could have resulted in a loss of at least $126 million. This was announced by blockchain audit firm Asymmetric Research, which discovered the vulnerability as part of the Cosmos HackerOne Bug Bounty white-hat hacker bounty program and privately reported it to the developers.
What else is known? The bug allowed hackers to perform a reentrancy attack and issue an unlimited number of tokens in Cosmos ecosystem blockchains connected to the IBC protocol, such as Osmosis. That said, the presence of limits in Osmosis could have prevented or at least mitigated the potential damage.
The bug has existed since the launch of IBC in 2021, but only became available for exploit after the recent launch of a third-party IBC middleware application for transferring ICS20 standard tokens between blockchains.
The bug in the protocol was fixed by Cosmos developer Carlos Rodríguez about three weeks ago. According to Asymmetric Research, hackers were unable to detect it and perform an exploit using it, so no funds were lost.
In October 2022, another critical security vulnerability was identified in the IBC protocol that could also affect all networks connected to the IBC. It was also patched before the attack occurred.
In February 2023, dWallet Labs auditors discovered a $500 million zero-day vulnerability in the TRON blockchain, which was also patched before the exploit occurred.
Cosmos Hub rejects a proposal to reduce the maximum inflation rate to zero
The indicator remained at 7%
In April this year, real-world asset tokenization platform Ondo Finance partnered with blockchain Noble to announce the issuance of USDY tokenized US Treasury bonds with a yield of ,2% per annum in the Cosmos ecosystem. They are now already available on Ethereum, Solana, Mantle, and Sui.
Also, this month, Grayscale investment company, which manages the GBTC spot bitcoin exchange-traded fund, completely sold Cosmos (ATOM) native tokens from the portfolio of its Grayscale Smart Contract Platform Ex-Ethereum Fund (GSCPxE) fund.
Useful material?
Incidents
Roger Ver has been accused of not paying taxes
May 1, 2024
Mining
After the publication of the financial report, the company’s shares added 5%
Apr 30, 2024
Market
The commission had previously warned the developer of potential enforcement actions
Apr 29, 2024
Market
Funds can be seized by law enforcers due to links to illegal activity
Apr 26, 2024
Market
Tether Finance division will be responsible for the issuance and redemption of USDT stablecoins
Apr 18, 2024
Trends
The first project introduced on the platform will be BounceBit (BB)
Apr 18, 2024