Cosmos Patches ‘Critical’ IBC Protocol Bug, Helps Save $126M
Cosmos developers fixed a critical bug in its Inter-Blockchain Communication (IBC) protocol that put a minimum of $126 million at risk.
Asymmetric Research, a blockchain security firm, disclosed that the bug was present in the IBC for a long time. However, it recently became exploitable due to developments in the protocol’s codebase. Following the discovery, the firm notified Cosmos of the vulnerability through the Cosmos HackerOne Bug Bounty program.
The security firm added that the system defect would allow a reentrancy attack, allowing hackers to mint infinite tokens on IBC-connected chains such as Osmosis and other decentralized finance ecosystems on Cosmos.
Cosmos Could Lose $126 Million
According to a potential damage analysis made, a threat actor could cart over $126M in assets on Osmosis if the bug remained. However, rate limits serve to prevent or at least mitigate attacks that attempt to overwhelm a system by controlling the rate at which requests are made.
Asymmetric Research noted that the bug has existed in IBC-go, a high-level programming language implementation of IBC since it launched in 2021.
However, the bug only recently became exploitable after Cosmos devs launched a new third-party application called IBC middleware, which allows tokens of the ICS20 interchain token standard to cross chains..
However, the bug only recently became exploitable after Cosmos devs launched a new third-party application called IBC middleware, which allows tokens of the ICS20 interchain token standard to cross chains.
Asymmetric asserted this issue demonstrates how easy it is to break trust assumptions and introduce new vulnerabilities by adding new features and functionality. It is also another example of the importance of defense-in-depth.
BlackRock & Grayscale Wait For SEC’s Spot ETH ETF Decisions
The United States Securities and Exchange Commission (SEC) has announced a delay in its decisions on the applications submitted by BlackRock and Grayscale for spot Ether exchange-traded funds (ETFs), it published the notice of Grayscale’s amendment filing on April 2.
Additionally, the SEC has released notices of the delay in Grayscale’s decision and amendments in BlackRock’s application, just a few hours after delaying its decision on Franklin Templeton’s proposed spot ETH ETF.
The SEC was to decide on converting digital asset manager Grayscale’s ETH Trust to a spot ETH exchange-traded product on NYSE Arca on April 24, but it has now extended the deadline by 60 days to June 23.