Developers disclose major vulnerability in all IBC-enabled chains on Cosmos

Quick Take

  • Cosmos developers have reported a critical security vulnerability affecting all of the network's IBC-enabled blockchains.
  • Cosmos co-founder Ethan Buchman said that developers will have to deploy a security patch on Friday.

Developers have disclosed a critical software vulnerability within all Cosmos blockchains that run the inter-blockchain communication protocol (IBC), the network's cross-chain messaging and bridge protocol.

The developers discovered the security issue during a software audit of the Cosmos network, prompted by the $100 million bridge hack on BNB Chain, a blockchain that uses Cosmos software under the hood, Cosmos co-founder Ethan Buchman wrote in a blog update on the project's community forum on Thursday.

"Members of the core Cosmos and Osmosis teams have been extensively auditing IBC in the aftermath of the BSC exploit. We have discovered a critical security vulnerability that impacts all IBC-enabled Cosmos chains, for all versions of IBC," Buchman said.

To fix the vulnerability, all of the IBC-enabled Cosmos blockchains will have to deploy a public security patch planned for release at 10 a.m. EDT on Friday, Buchman said, adding that a private patch had already been sent to chains and deployed. He further said that validators of various Cosmos chains may halt their networks during the Friday upgrade.

"Given the severity, we have been working tirelessly with core development teams and validators across the ecosystem to make the patch available privately and ensure chains are patched before communicating publicly," Buchman wrote.

In cybersecurity, a critical vulnerability refers to a software bug that can allow hackers to break into network systems and steal either data or funds. Cosmos is a blockchain network consisting of interoperable, application-specific blockchains. These chains can interact with one another using the IBC protocol.

Currently there are 51 blockchains in the Cosmos ecosystem that support the IBC protocol, including Osmosis, Cosmos Hub, Axelar, Evmos, Injective, Juno, Sifchain, and Cronos, according to Cosmos network explorer Map Of Zones. 



About Author

Vishal Chawla is The Block’s Crypto Ecosystems Editor and has spent over seven years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal can be reached on Twitter at @vishal4c.