Axelar Bridge and Secret Network Hack: 'Infinite Mint' Vulnerability Leads to $4.67 Million Loss

On June 19, the blockchain project Axelar officially confirmed the hack of the cross-chain bridge connecting its network with the Secret Network protocol. The attacker managed to withdraw approximately $4.67 million by exploiting a critical vulnerability known as the "infinite mint bug."
Attack Details
According to an analysis conducted by the Common Prefix team, the primary developer of Axelar, the bug was found in a modified ICS-20 smart contract operating on the Secret Network side within the Cosmos IBC connection. The issue was that the algorithm creating "wrapped" versions of assets (saToken) did not verify which specific channel the incoming transaction originated from. This allowed the attacker to fabricate deposits and mint tokens without real backing.
Since operations on the network did not require permission, the attacker launched their own Cosmos chain with a single validator. From this chain, they sent packets with fake asset denominations, leading to the theft of funds. Notably, the incident went unnoticed for seven days.
Reaction and Consequences
The Axelar Emergency Committee immediately disabled the Secret and Secret-SNIP connections to halt further unauthorized transfers. The project team is already coordinating with exchanges and law enforcement agencies to track the stolen funds and potentially recover them.
It is important to emphasize that the incident only affected specific coins: saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, and sawstETH. The core Axelar protocol, other IBC connections, and native Secret Network assets remained untouched.
Market and SCRT Price
Despite the severity of the hack, the market reacted unexpectedly. The price of the Secret token (SCRT) surged nearly 6% at one point, reaching $0.06. After a correction, the asset is trading around $0.058, maintaining a daily gain of about 3%. The market capitalization stands at approximately $20 million. For context, at its all-time high in October 2021, SCRT was worth $10.64, which is 99.5% above current levels.

Expert Commentary
This incident is yet another reminder that even in mature ecosystems like Cosmos IBC, weak points remain in smart contract implementations. The "infinite mint" vulnerability is a classic error arising from insufficient input validation. For investors, this is a signal: always check which assets you hold in "wrapped" form and how secure the bridge through which they passed is. In this case, the prompt response of the Axelar team and their transparency in the investigation are positive signs, but the market is not yet panicking, possibly due to the relatively small capitalization of the affected assets.