Cosmos Discloses A Major IBC Vulnerability Has Been Discovered
The co-founder of Cosmos, Ethan Buchman, announced this Thursday that a critical vulnerability affecting IBC-enabled Cosmos chains has been discovered. The vulnerability is allegedly present in all versions of IBC.
Cosmos Finds Critical IBC Security Vulnerability
According to the post, the Cosmos and Osmosis teams have been extensively auditing IBC since BNB got targeted in a major hack last week. The post alleges that the vulnerability is present on all versions of IBC, but that steps to remove it have already been taken.
Buchman explained that a chain is safe as soon as ⅓ of validators have applied the new security patch, but that everyone should strive to have at least ⅔ of validators upgraded. The public version of the security patch will become available on Friday, October 14th, at 10 AM EDT. The post says that there will most likely be no chain halts throughout the patching process, but it doesn’t completely rule them out.
The patch can be deployed individually by validators without a chain-halt upgrade and should be applied as soon as possible. That said, it is still possible that validators and/or chains will halt during the upgrade process. If this happens, please contact security@interchain.io immediately.
The announcement also clarifies that the vulnerability discovered by Cosmos and Osmosis is not related to the one disclosed by Verichains. Verichains announced on Wednesday it found a security vulnerability in the Cosmos library and that it notified both Cosmos and BNB about it.
A Record-Breaking Month for Crypto Hacks
According to a report from Bloomberg, 2022 is on track to become a record-breaking year, and October a record-breaking month when it comes to crypto hacks. Allegedly, 125 hacks have been detected so far with more than $3 billion getting stolen.
October alone saw the theft of more than $700 million with as much as $200 million being stolen in the previous seven days. While the BNB hack last Thursday got the bulk of the attention—and jumpstarted the recent Cosmos and Osmosis audit—Mango Markets also got targeted recently.
Earlier this week, Mango Markets got targeted when a hacker used an exploit to pull more than $100 million from it. Just the BNB hack and this week’s exploit saw more than $200 stolen.
Having burnt as much BNB as has been recently stolen, Binance appears to have not suffered catastrophic losses in the recent hack. Not all companies targeted by cybercriminals this year have been so lucky. Babylon Finance was forced to shut down in September citing the now-famous Rari hack as one of the main causes.