Developers disclose major vulnerability in all IBC-enabled chains on Cosmos
Developers have disclosed a critical software vulnerability within all Cosmos blockchains that run the inter-blockchain communication protocol (IBC), the network’s cross-chain messaging and bridge protocol.
The developers discovered the security issue during a software audit of the Cosmos network in light of the $100 million bridge hack on BNB Chain, a blockchain that uses Cosmos software under its hood, Cosmos co-founder Ethan Buchman wrote in a blog update on the project’s community forum on Thursday.
«Members of the core Cosmos and Osmosis teams have been extensively auditing IBC in the aftermath of the BSC exploit. We have discovered a critical security vulnerability that impacts all IBC-enabled Cosmos chains, for all versions of IBC,» Buchman said.
To fix its vulnerability, all of the IBC-enabled Cosmos blockchains will have to deploy a security patch planned for release at 10 a.m. EDT on Friday, Buchman said, adding that validators of various Cosmos chains may halt their networks during the Friday upgrade.
«Given the severity, we have been working tirelessly with core development teams and validators across the ecosystem to make the patch available privately and ensure chains are patched before communicating publicly,» Buchman wrote.
In cybersecurity, a critical vulnerability refers to a software bug that can allow hackers to break network systems to steal either data or funds. Cosmos is a blockchain network consisting of interoperable, application-specific blockchains. These chains can interact with one another using the IBC protocol.
Currently there are 51 blockchains in the Cosmos ecosystem that support the IBC protocol, including Osmosis, Cosmos Hub, Axelar, Evmos, Injective, Juno, Sifchain, and Cronos, according to Cosmos network explorer Map Of Zones. All of these projects will have to deploy a patch to secure themselves against hacks.