Recently, Cosmos developers fixed a critical security bug that had been affecting the Inter-Blockchain Communication (IBC) protocol for quite some time.

According to Asymmetric Research, the bug compromised more than $126 million in funds, but the vulnerability was discovered and resolved through the Cosmos HackerOne Bug Bounty program.

Threat of a “reentrancy attack”

The bug could have enabled a “reentrancy attack”. Had it been exploited, hackers could have created infinite tokens on any IBC-connected chain, such as Celestia and other decentralized financial ecosystems on Cosmos.

Asymmetric Research, a specialist security firm, noted that the bug had existed since 2021 in ibc-go, the Go-language implementation of IBC. However, the bug became exploitable only recently, after a Cosmos developer launched a new third-party application known as IBC middleware. This was developed to bridge tokens of the ICS20 interchain token standard between different blockchains.

This marks a step forward for blockchain interoperability, but also highlights the importance of security audits when introducing new features and capabilities on a blockchain.

