BTC
$81,438.78
-
0.26%
ETH
$1,554.41
-
2.52%
USDT
$0.9994
-
0.03%
XRP
$2.0091
+
0.79%
BNB
$580.35
+
0.37%
SOL
$116.76
+
1.75%
USDC
$0.9999
+
0.00%
DOGE
$0.1571
+
0.84%
TRX
$0.2370
-
1.05%
ADA
$0.6238
+
0.28%
LEO
$9.4127
+
0.24%
LINK
$12.38
+
0.16%
AVAX
$18.54
+
2.45%
XLM
$0.2362
+
1.03%
TON
$2.9294
-
2.62%
HBAR
$0.1714
+
0.97%
SUI
$2.1801
+
2.03%
SHIB
$0.0₄1198
-
0.63%
OM
$6.4675
-
3.87%
BCH
$299.25
+
0.82%
Sign Up
Select Language
English enEspañol esItaliano itРусский ruFrançais frPortuguês pt-brУкраїнська ukFilipino fil
Logo
Tech
Share this article

Cosmos-Based Juno Blockchain Pushed Offline in Apparent Attack

A malicious smart contract has put the network out of commission for over 24 hours and comes less than a month after a controversial governance vote.

By Sam Kessler
Updated May 11, 2023, 5:00 p.m. Published Apr 6, 2022, 11:59 p.m.
(Randall Bruder/Unsplash)
(Randall Bruder/Unsplash)

Cosmos-based blockchain Juno went offline on Tuesday as the result of a suspected attack on the network.

The network remains offline as of press time, but no user funds have been impacted and the Juno core development team says a fix is in the works, according to a retweet from the project’s official Twitter handle.

STORY CONTINUES BELOW
Don't miss another story.Subscribe to the The Protocol Newsletter today. See all newsletters
By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

A Juno core developer speaking to CoinDesk on the condition of anonymity said the network crash stemmed from a malicious smart contract masked to look like a simple “hello world” program.

The suspected attacker sent a string of over 400 transactions to the smart contract over the course of three days in a process of apparent trial and error – eventually landing on a specific combination of transactions that crashed the network.

According to the developer who spoke with CoinDesk, the attacker exploited a blockchain vulnerability that Juno planned to address via an update scheduled for a few hours after the attack. The developer says the vulnerability had been publicly disclosed, as it impacted all blockchains that use the CosmWasm smart contract platform.

This is the second major challenge Juno has faced in the past month. In March a controversial governance vote removed tokens from a “whale” accused of manipulating a JUNO airdrop – an unprecedented case of a decentralized community directly voting to cut a wallet’s token balance.

The JUNO token, which has a $1 billion market cap according to CoinGecko, has dropped 7% in the past 24 hours.

Read more: Juno's Proposal 16 Vote Is a Watershed for Blockchain Governance – For Better or Worse

As of now, the identity of the attacker is unknown.

According to Daniel Hwang, head of protocols at Stakefish, which runs a validator for Juno, members of the Juno community are trying to figure out who would have been motivated to execute the attack for no obvious financial gain. According to Hwang, token holders are pointing fingers at potential culprits ranging from competitor blockchains to bagholders on the losing end of last month’s governance vote.

CosmosJunoAttack
Sam Kessler

Sam is CoinDesk's deputy managing editor for tech and protocols. His reporting is focused on decentralized technology, infrastructure and governance. Sam holds a computer science degree from Harvard University, where he led the Harvard Political Review. He has a background in the technology industry and owns some ETH and BTC. Sam was part of the team that won a 2023 Gerald Loeb Award for CoinDesk's coverage of Sam Bankman-Fried and the FTX collapse.

X icon
Sam Kessler