Developers disclose major vulnerability in all IBC-enabled chains on Cosmos

Quick Take

  • Cosmos developers have reported a critical security vulnerability across its IBC-enabled blockchains.
  • Cosmos co-founder Ethan Buchman said that developers will have to deploy a security patch on Friday.

Developers have disclosed a critical software vulnerability within all Cosmos blockchains that run the inter-blockchain communication protocol (IBC), the network's cross-chain messaging and bridge protocol.

The developers discovered the security issue during a software audit of the Cosmos network in light of the $100 million bridge hack on BNB Chain, a blockchain that uses Cosmos software under its hood, Cosmos co-founder Ethan Buchman wrote in a blog update on the project's community forum on Thursday.

"Members of the core Cosmos and Osmosis teams have been extensively auditing IBC in the aftermath of the BSC exploit. We have discovered a critical security vulnerability that impacts all IBC-enabled Cosmos chains, for all versions of IBC," Buchman said.

To fix its vulnerability, all of the IBC-enabled Cosmos blockchains will have to deploy a public security patch planned for release at 10 a.m. EDT on Friday, Buchman said, adding a private patch was sent to chains and deployed already. He further said that validators of various Cosmos chains may halt their networks during the Friday upgrade.


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

"Given the severity, we have been working tirelessly with core development teams and validators across the ecosystem to make the patch available privately and ensure chains are patched before communicating publicly," Buchman wrote.

In cybersecurity, a critical vulnerability refers to a software bug that can allow hackers to break network systems to steal either data or funds. Cosmos is a blockchain network consisting of interoperable, application-specific blockchains. These chains can interact with one another using the IBC protocol.

Currently there are 51 blockchains in the Cosmos ecosystem that support the IBC protocol, including Osmosis, Cosmos Hub, Axelar, Evmos, Injective, Juno, Sifchain, and Cronos, according to Cosmos network explorer Map Of Zones. 

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]