“While this vulnerability has existed in ibc-go since the beginning, it only became exploitable due to recent developments in the Cosmos SDK ecosystem,” Asymmetric said in a blog post published Tuesday. The vulnerability was unlocked with the advent of “IBC middleware” – third-party applications built using CosmWasm, a WebAssembly-based smart contract runtime, that allows tokens to be used across blockchains.