Developers Block Potential ‘Eight-Figure’ Exploit Involving Cosmos-Based Ethermint

Ethermint enables the use of Ethereum smart contracts within the Cosmo ecosystem and is employed by several chains, including Cronos, Kava and Canto.

AccessTimeIconApr 14, 2023 at 6:36 a.m. UTC
Updated Apr 14, 2023 at 3:06 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

A recent vulnerability affecting the Cosmos ecosystem and Ethermint was recently discovered by crypto trading firm Jump Crypto and blocked before it could cause an impact of as much as "eight figures" in U.S. dollars, Cosmos developers Evmos told CoinDesk.

The compromised network in this incident was Ethermint, which enables the use of Ethereum smart contracts within the Cosmo ecosystem and is employed by several chains, including Cronos, Kava and Canto.

The bug could have potentially allowed an attacker to bypass specific smart contract functions called handlers, leading to transaction fee theft and denial of service to users.

Immediately upon receiving the report, the Evmos Core Development team and the Cronos team collaborated with Jump Crypto to address the issue. The implementation included a patch to block transactions with "MsgEthereumTx" messages, allowing to the elimination of the attack vector.

No malicious exploitation occurred, ensuring the continued stability and reliability of the affected chains.

The Cronos team awarded Jump Crypto a $25,000 bounty for discovering and disclosing the vulnerability.

Evmos said that the root cause of the vulnerability lay in the improper handling of transactional messages in the Ethermint implementation, specifically the interaction between the MsgEthereumTx message and the MsgExec message.

The MsgExec message is used in the Cosmos SDK to allow authorized message execution by allowing one account to grant authorization to another account. However, this feature was not properly secured, allowing the attacker to bypass the ‘EthGasConsumeDecorator,’ which is responsible for deducting gas fees from transactions.

The attacker exploited the vulnerability by embedding a MsgEthereumTx message inside a MsgExec message. This bypassed the EthGasConsumeDecorator, resulting in the attacker not paying gas fees for their transactions.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Shaurya Malwa

Shaurya is the Deputy Managing Editor for the Data & Tokens team, focusing on decentralized finance, markets, on-chain data, and governance across all major and minor blockchains.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.