- A Juno core developer pointed to a malicious smart contract as the cause
- Assailant exploited a blockchain vulnerability, which Juno had planned to deal with that same day
- A whale holder had his tokens taken away in a controversial Juno governance vote
Cosmos-based blockchain Juno has gone offline due to a suspected attack on the network, CoinDesk reported. At the time of publication, the network remained offline. User funds have not been affected.
The Juno team is working on fixing the issue according to a retweet from the project’s official Twitter handle.
Malicious smart contract at core
A Juno core developer who asked to remain anonymous pointed to a malicious smart contract as the cause of the crash. It was concealed to look like a simple “hello world” program.
The suspected cybercriminal sent a string of hundreds of transactions to the smart contract over several days. In this process of apparent trial-and-error, he ended up hitting upon the combination of transactions that crashed the blockchain.
According to the developer, cited by CoinDesk, the assailant exploited a blockchain vulnerability, which Juno had planned to deal with in an update scheduled literally hours after the attack. He added that Juno had disclosed the vulnerability publicly because it affected all blockchains that use the CosmWasm smart contract platform.
Not a first for Juno
This is not the first major challenge Juno has faced in recent times. Last month, a whale was accused of doctoring a Juno token airdrop and subsequently had his tokens taken away in a controversial governance vote. It was an unprecedented case of an ecosystem’s community directly voting to limit a wallet’s token balance.
No obvious financial gain
Members of the Juno community fail to grasp the reason for the attack, which doesn’t seem to involve profit. Daniel Hwang, head of protocols at Stakefish, which runs a validator for Juno, told CoinDesk that token holders are desperate to put the blame on someone. Potential culprits range from competing blockchains to investors who lost money over the scandalous governance vote in March.
The JUNO token’s market cap is one billion according to CoinGecko. At the time of writing, it was trading for $22.27 with a 24-hour trading volume of $3.35 million and had lost 5.66% in the last 24 hours.
The identity of the attacker remains a mystery.