Crypto news

21.06.2026
19:11

Exploit of the Axelar and Secret Network Bridge: A $4.67 Million Infinite Mint Attack

хакеры hackers, перемещение средств 2

On June 19, the blockchain infrastructure project Axelar officially confirmed a hack of the cross-chain bridge connecting its network with the Secret Network protocol. As a result of the attack, the attacker withdrew approximately $4.67 million by exploiting an "infinite mint" vulnerability.

Technical Details of the Exploit

My analysis shows that the incident went unnoticed for seven days. According to data from Axelar's lead developer, Common Prefix, the breach was discovered in the ICS-20 smart contract, modified for Secret Network as part of the IBC connection with the Cosmos ecosystem. The contract, responsible for creating "wrapped" assets (saToken), did not verify the origin channel of incoming transactions. This allowed the attacker to fake deposits and mint unbacked tokens.

Since operations in the protocol did not require permission, the attacker launched a new Cosmos chain with a single validator. Through it, they sent packets with fictitious asset denominations, effectively "printing" tokens out of thin air.

Scale and Response

Axelar's Emergency Committee promptly disabled all connections to Secret Network and Secret-SNIP to prevent further unauthorized transfers. The team is already coordinating with exchanges and law enforcement agencies to track the funds. It is important to emphasize that the incident only affected the coins saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, and sawstETH. The main Axelar protocol, other IBC connections, and native assets of Secret Network remained untouched.

Market Reacts Paradoxically

Despite the report of the theft, the price of the native Secret token (SCRT) jumped nearly 6% at one point, reaching $0.06. After a correction, the asset is trading around $0.058, maintaining a daily gain of approximately 3%. The market capitalization stands at about $20 million. Meanwhile, from its all-time high in October 2021 of $10.64, SCRT has collapsed by 99.5%.

График цены SCRT

This case serves as a reminder of the systemic risks posed by outdated or poorly tested smart contracts in cross-chain bridges. Earlier in June, hackers twice attacked outdated contracts in the L2 network Aztec, causing damages of $2.19 million and $2.15 million, respectively.

My expert assessment: This incident is another link in the chain of attacks on bridge solutions, which remain the most vulnerable point in DeFi infrastructure. The lack of verification of the incoming transaction channel is a crude but classic mistake. Investors should be more cautious about projects where wrapped assets are minted without strict verification. Until the Axelar team provides a full audit and a remediation plan, trust in the bridge will remain in question.