Crypto news

21.06.2026
22:01

Axelar and Secret Network Bridge Hack: 'Infinite Minting' Vulnerability Leads to $4.67 Million Loss

hackers, fund transfer

On June 19, the blockchain infrastructure project Axelar officially confirmed a hack of the cross-chain bridge connecting its network with the Secret Network protocol. The attacker managed to withdraw approximately $4.67 million by exploiting a critical vulnerability known as "infinite mint."

According to the analytical team Common Prefix, which is a key developer of Axelar, the breach was discovered in the ICS-20 smart contract deployed on the Secret Network side as part of the IBC connection within the Cosmos ecosystem. The contract was responsible for creating "wrapped" versions of assets (saToken) but did not verify the channel from which incoming transactions originated. This allowed the attacker to fake deposits and mint tokens without real backing.

Since operations on the Secret Network did not require permission, the hacker launched their own Cosmos chain with a single validator. From this chain, they sent packets with fake asset denominations, leading to uncontrolled token issuance.

The theft went unnoticed for seven days. The Axelar Emergency Committee promptly disabled the Secret and Secret-SNIP connections to prevent further unauthorized transfers. The project team is coordinating with cryptocurrency exchanges and law enforcement agencies to track the stolen funds and facilitate their recovery.

The incident only affected the coins saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, and sawstETH. The main Axelar protocol, other IBC connections, and native assets of the Secret Network remained untouched.

Despite the report of the theft, the price of the Secret (SCRT) token momentarily rose nearly 6%, reaching $0.06. After a correction, the asset is trading around $0.058, maintaining a daily gain of about 3%. The market capitalization stands at approximately $20 million. Meanwhile, SCRT's all-time high in October 2021 was $10.64 — 99.5% above current quotes.

My analysis: This case once again highlights the systemic security issue of cross-chain bridges, especially those using custom contracts without proper auditing of input channels. The "infinite mint" vulnerability is a classic error that could have been prevented with more thorough testing during the deployment phase. Interestingly, the market responded to the news with a rise in SCRT, which may indicate low demand elasticity or community confidence in the team's ability to resolve the issue without long-term consequences for the network.