Beosin: The Terra chain event vulnerability is a vulnerability in the cosmos base library
According to the Beosin Alert monitoring alert, the Terra chain has been suspended due to an emergency upgrade. It appears that someone has exploited the IBC vulnerability to mint multiple tokens on the Terra chain, including ASTRO. The Beosin security team analysis found that after the attacker instantiated the contract on Terra, the reentry vulnerability of timeout callbacks in ibc-hooks has been used to transfer about 60 million ASTRO, 3.50 million USDC, 500,000 USDT and 2.7 BTC. The vulnerability was disclosed in April this year and belongs to the vulnerability in the cosmos base library, but Terra has not fixed it.