Crypto news

21.06.2026
18:12

Axelar Bridge and Secret Network Hack: Hacker Steals $4.67 Million Through Infinite Minting

хакеры hackers, перемещение средств 2

On June 19, the blockchain project Axelar disclosed a hack of its cross-chain bridge with the Secret Network protocol. The attacker withdrew approximately $4.67 million by exploiting an infinite mint bug vulnerability. The incident went unnoticed for seven days.

How the Attack Occurred

During an expert analysis conducted by the Common Prefix team, Axelar's primary developer, the bug was discovered in the ICS-20 smart contract deployed on the Secret Network side as part of the Cosmos IBC connection. This contract was responsible for creating wrapped versions of assets (saToken) but did not verify which channel the incoming transaction originated from. This allowed the attacker to falsify deposits and mint tokens without real backing.

Since the operations required no permission, the attacker launched their own chain with a single validator on the Cosmos network, from which they sent packets with fictitious asset denominations. Thus, they were able to issue unbacked versions of saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, and sawstETH.

Reaction and Consequences

Axelar's Emergency Committee immediately disabled the Secret and Secret-SNIP connections to halt new unauthorized transfers. The team is actively coordinating with exchanges and law enforcement agencies to track the funds and facilitate their recovery. It is important to emphasize: the core Axelar protocol, other IBC connections, and native Secret Network assets were not affected.

Market and SCRT Token Reaction

Despite the report of the theft, the price of the native Secret Network token (SCRT) briefly surged nearly 6%, reaching $0.06. After a slight correction, the asset is trading around $0.058, maintaining a daily gain of about 3%. The current market capitalization is approximately $20 million. For comparison, at its all-time high in October 2021, SCRT was worth $10.64, which is 99.5% above current quotes. This suggests that the market perceived the news as a localized incident that does not threaten the project's fundamental value.

My expertise: This hack is a classic example of a vulnerability in smart contract logic related to insufficient validation of cross-network messages. Despite the prompt response, the incident underscores the critical need for auditing all IBC connections and contracts, especially those responsible for asset issuance. While the market remains calm, the long-term reputation of cross-chain infrastructure requires a fundamental strengthening of security measures.