Crypto news

21.06.2026
23:21

Axelar Bridge and Secret Network Hack: A $4.67 Million 'Infinite Mint' Attack

On June 19, blockchain infrastructure provider Axelar confirmed the exploitation of a critical vulnerability in the cross-chain bridge connecting its network to the Secret Network protocol. As a result of the attack, the perpetrator withdrew approximately $4.67 million by exploiting a bug known as an "infinite mint."

An analysis of the incident conducted by the team of Axelar's lead developer, Common Prefix, revealed that the vulnerability was located in a modified CW20-ICS20 smart contract on the Secret Network side, operating within the Cosmos IBC connection. The key error was the lack of verification of the channel from which the incoming transaction originated. This allowed the attacker to create a new Cosmos chain with a single validator and send fake packets with arbitrary asset denominations, effectively "minting" unbacked wrapped tokens (saToken).

Notably, the theft went unnoticed for seven days. This indicates an insufficient level of on-chain activity monitoring on the bridge side, which serves as a serious warning for the entire cross-chain solution ecosystem.

Scale and Consequences

Axelar's Emergency Committee promptly disabled the Secret and Secret-SNIP connections to prevent further unauthorized transfers. The team is currently coordinating with exchanges and law enforcement agencies to track the withdrawn funds. It is emphasized that the incident exclusively affected the assets saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, and sawstETH. The core Axelar protocol, other IBC connections, and native assets of the Secret Network remained untouched.

Despite the news of the hack, the market reacted paradoxically: the price of the Secret token (SCRT) briefly rose by nearly 6%, reaching $0.06. After a correction, the asset is trading around $0.058, maintaining a daily increase of approximately 3%. The project's market capitalization stands at about $20 million. For context, SCRT's all-time high in October 2021 was $10.64, which is 99.5% above current quotes.

Expert Commentary: This incident serves as yet another reminder that the security of cross-chain bridges remains the Achilles' heel of DeFi. The "infinite mint" vulnerability is a classic one, but its implementation in an IBC connection demonstrates that even time-tested protocols can contain hidden logical errors. The market, which ignores fundamental risks for short-term speculative gain, as seen with SCRT, often ends up losing out.