Fun

Cosmos patches ‘critical’ IBC protocol bug saving $126M

News Feed - 2024-04-24 10:04:26

Brayden Lindrea7 hours agoCosmos patches ‘critical’ IBC protocol bug saving $126MIBC has always had the bug but it only recently became exploitable due to developments in the protocol’s codebase, Asymmetric Research said.2877 Total views1 Total sharesNewsOwn this piece of crypto historyCollect this article as NFTJoin us on social networksCosmos developers have fixed a “critical” security bug in its Inter-Blockchain Communication (IBC) protocol which put at least $126 million at risk, says a blockchain security firm that privately notified Cosmos of the issue.


“We privately disclosed the vulnerability through the Cosmos HackerOne Bug Bounty program and the issue is now patched,” Asymmetric Research said on April 23.


“No malicious exploitation took place and no funds were lost,” it added.Source:Asymmetric Research


The bug could have allowed a reentrancy attack allowing a hacker to mint infinite tokens on IBC-connected chains like Osmosis and other decentralized finance ecosystems on Cosmos.“We believe at least 126M+ in assets could have been stolen on Osmosis. However, rate limiting on Osmosis slows down the damage that could be caused.”


Rate limits serve to prevent or at least mitigate attacks that attempt to overwhelm a system by controlling the rate at which requests are made.


Asymmetric noted the bug has existed in ibc-go — a high-level programming language implementation of IBC — since it launched in 2021.


The bug only recently became exploitable, however, after Cosmos devs launched a new third-party application called IBC middleware — which allows ICS20 (interchain token standard) tokens to cross chains.


Related:Cosmos Hub greenlights ATOM inflation cut for security boost


“This issue demonstrates how easy it is to break trust assumptions and introduce new vulnerabilities by adding new features and functionality. It is also another example of the importance of defense-in-depth,” Asymmetric emphasized.“This vulnerability highlights the critical need for more research into cross-chain security risks to protect the multichain ecosystem better."


The bug was patched up by Cosmos dev Carlos Rodriguez about three weeks ago, a GitHub commit shows.


Another “critical” security vulnerability was identified in the IBC protocol in October 2022, which impacted all IBC-connected chains but was patched before any potential exploit.


Magazine:Are DAOs overhyped and unworkable? Lessons from the front lines# Blockchain# Altcoin# Research# Business# Security# Hackers# Cybersecurity# HacksAdd reaction

News Feed

Tom Blackstone16 hours agoOptimism network transactions surged 67% following Bedrock upgrade — NansenThe Optimism layer-2 network saw less than 300,000 transactions per day around the time of the upgrade, but this numb
ByBit exchange halts operations in France
Vince Quill1 hour agoByBit exchange halts operations in FranceByBit has been at odds with the Autorité des Marchés Financiers (AMF) since 2022 when the regulator blacklisted the exchange.485 Total views3 Total sharesLi
Crypto Fundraising Is Changing Again in 2020
Crypto Fundraising Is Changing Again in 2020 Funding is a prerequisite for any new crypto project, but with IEOs likely to play a reduced role in 2020, where will the all-importa
Colosseum raises $60M to support Solana’s hackathon teams
Ana Paula Pereira8 hours agoColosseum raises $60M to support Solana’s hackathon teamsThe capital will fund pre-seed investments for teams accepted into Colosseum’s Accelerator program.839 Total views3 Total sharesLis
Eigenlayer launches EIGEN token — but it’s nontransferable till September
Christopher Roark5 hours agoEigenlayer launches EIGEN token — but it’s nontransferable till SeptemberEigenlayer launched a claims process for its highly anticipated EIGEN token, but it won’t be transferable to othe
Kraken considers dropping USDT in Europe ahead of new regulations
Ana Paula Pereira6 hours agoKraken considers dropping USDT in Europe ahead of new regulationsWith new regulations in Europe set to enforce strict limits on transactions and reserve requirements, Kraken is assessing its s
SEC Chair Gensler Proposes ‘One Rule Book’ Crypto Regulation
SEC Chair Gensler Proposes "One Rule Book" Crypto Regulation The chairman of the U.S. Securities and Exchange Commission (SEC), Gary Gensler, has reportedly proposed “one ru
ETH 2.0 Contract Surpasses 9 Million Ethereum Worth $28 Billion
ETH 2.0 Contract Surpasses 9 Million Ethereum Worth $28 Billion The number of ether locked in the Ethereum 2.0 contract has exceeded 9 million ethereum or more than $28 billion usi
Centric Completes Migration to Binance Smart Chain
Centric Completes Migration to Binance Smart Chain press release PRESS RELEASE. After two-and-a-half years on the TRON blockchain, cryptocurrency project Centric
SUI Inches Closer To $3.9 Support Under Growing Bearish Influence
Este artículo también está disponible en español. SUIis steadily approaching the $3.9 level, weighed down by increasing bearish momentum that has put pressure on buyers t
Biggest Movers: LUNC 13% Higher, as US CPI Boosts Crypto Markets
Biggest Movers: LUNC 13% Higher, as US CPI Boosts Crypto Markets Terra classic has been one of Thursday’s biggest gainers, as crypto markets found light in the form of the latest
Bitcoin Miner Bitdeer Technologies to List on Nasdaq via SPAC Deal
Bitcoin Miner Bitdeer Technologies to List on Nasdaq via SPAC Deal According to a recent filing with the U.S. Securities and Exchange Commission (SEC), Bitdeer Technologies Holding