Last week’s BNB blockchain attack led Cosmos developers to inspect their IBC code. They discovered a critical security vulnerability that put all IBC-enabled blockchains at risk.
It seems that the entire Cosmos ecosystem has been put at risk by a single vulnerability.
According to an announcement published on Cosmos Hub’s governance forum by co-founder Ethan Buchman, the lead developers recently discovered a “critical security vulnerability that impacts all IBC-enabled Cosmos channels, for all versions of IBC“.
Cosmos is a decentralized network of blockchains connected by the Inter-Blockchain Communication (IBC) protocol, which allows users to move from one Cosmos blockchain to another seamlessly. At the time of writing this article, there are 42 blockchains compatible with the IBC protocol including Cosmos Hub, Osmosis, Cronos and Evmos. According to the project’s website, the market capitalization of all IBC-enabled blockchains reaches $8.18 billion.
Other major blockchains such as OKX Chain, Luna Classic and Thorchain have also integrated IBC in the past. However, for various reasons, they either disabled the feature or never fully enabled it in the first place. BNB Chain is one such project. The recent attack on it (in which a hacker has drained 566 million from the blockchain bridge) prompted Cosmos developers to investigate whether other IBC blockchains might be vulnerable to the same exploit.
Buchman said steps had already been taken to patch major IBC blockchains. The patch was first made available privately to give developers and validators time to update their chains before the vulnerability was made public. According to him, more than a third of a blockchain’s voters need to apply a patch for the project to be secure. The site Cosmos SDK will release a public version of the patch on October 14 at 1400 UTC. Buchman advised all Cosmos channels and validators to upgrade to the public patch as soon as possible, even if they have already integrated the private patch.