The past couple of months have been rife with tales of exploited blockchain ecosystems, whether due to coding errors or disgruntled employees.
After the most high-profile attack in recent months saw Binance Smart Chain exploited for several million dollars' worth of BNB, the cybersecurity team at Cosmos has been conducting extensive audits as a precautionary measure.
Vulnerability Affects All IBC Chains
The vulnerability was announced on the Cosmos Network’s forum by Ethan Buchman, the co-founder of the Inter-blockchain Communication (IBC) network Cosmos.
It was discovered by Cosmos and Osmosis devs during the audit that followed the exploit of BSC – however, it’s worth noting that the vulnerability has not yet been confirmed to be related to the BSC exploit in any way.
In response to a forum member, Buchman confirmed that the uncovered exploit is also unrelated to the bug discovered by Verichain recently. He also stated that the bug discovered by Verichain does not actually affect IBC chains.
Patch to Be Applied by Tomorrow
According to the blog post, the team at Cosmos has already communicated with devs of major IBC projects to ensure a patch is applied before word gets out to the wrong people.
“Steps have already been taken to ensure that all major public IBC-enabled chains have been patched. Given the severity, we have been working tirelessly with core development teams and validators across the ecosystem to make the patch available privately and ensure chains are patched before communicating publicly.”
The patch will be published in the Cosmos SDK today, Friday the 14th, by 14:00 UTC to allow devs of smaller projects to update their networks as well. A chain halt is reportedly unnecessary for the patch to be applied, and IBC devs can consider their projects safe once one-third of a chain’s voters have voted to deploy the upgrade.
Nevertheless, a minimum of two-thirds is recommended – which should not be a problem to reach, considering it is a vote to fix a critical vulnerability.
The announcement closes with a request to contact the IBC team via email in case of any issues and appeals to white hat hackers to submit a bug bounty if further vulnerabilities are discovered. Hopefully, Cosmos’ success story will inspire other platforms to perform extensive security audits more often, bringing the string of spaghetti code-induced exploits to a halt.