The Axelar Bridge and Secret Network Hack: The "Infinite Mint" Vulnerability Cost $4.67 Million

On June 19, the blockchain project Axelar officially confirmed a hack of the cross-chain bridge connecting its ecosystem with the Secret Network protocol. The attacker exploited a critical vulnerability known as "infinite minting," siphoning off assets worth approximately $4.67 million. The incident went unnoticed for seven days, highlighting the insufficient responsiveness of monitoring in decentralized systems.
Attack Details: How the Attacker Bypassed Security
According to an analysis conducted by Axelar's lead developer, the Common Prefix team, the bug was found in the ICS-20 smart contract, modified for operation on the Secret Network side within the Cosmos IBC connection. The vulnerability stemmed from a lack of verification of the channel from which the incoming transaction originated. This allowed the attacker to fabricate deposits and mint "wrapped" versions of assets (saToken) without real backing.
To exploit the vulnerability, the attacker launched their own chain within the Cosmos ecosystem with a single validator. Through this chain, they sent packets with fake asset denominations, enabling the generation of tokens on the Secret Network without any reserves.
Reaction and Consequences
Axelar's Emergency Committee immediately disabled the Secret and Secret-SNIP connections to prevent further unauthorized transfers. The team is coordinating with exchanges and law enforcement agencies to track the funds and potentially recover them. Importantly, the incident only affected the coins saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, and sawstETH. The core Axelar protocol, other IBC connections, and native Secret Network assets remained untouched.
Despite the news of the theft, the market reacted paradoxically: the price of the Secret token (SCRT) surged nearly 6%, reaching $0.06, before correcting to $0.058, maintaining a daily gain of about 3%. The market capitalization stands at approximately $20 million. For comparison, at its all-time high in October 2021, SCRT was worth $10.64, which is 99.5% above current levels. This suggests that investors do not yet see this incident as a fundamental threat to the network, although vulnerabilities in bridges remain one of the most acute problems in DeFi.
Expert Analysis
This case once again confirms that cross-chain bridges remain the "Achilles' heel" of decentralized ecosystems. The "infinite minting" vulnerability is a classic error in smart contract logic that requires thorough auditing of all channel and collateral checks. In the long term, if teams do not strengthen bridge security, such incidents will undermine trust in cross-network protocols, especially in a declining market where every dollar counts.