Crypto news

22.06.2026
01:17

The Axelar and Secret Network bridge was hacked for $4.67 million due to a critical vulnerability.

хакеры

On June 19, 2026, the Axelar blockchain infrastructure confirmed a hack of the cross-chain bridge connecting it to the Secret Network protocol. As a result of the attack, the perpetrator withdrew digital assets worth approximately $4.67 million, exploiting a so-called "infinite mint" bug.

The incident went unnoticed for seven days. The lead developer of Axelar, the Common Prefix team, identified that the vulnerability was located in a modified ICS-20 smart contract on the Secret Network side, used in the IBC connection of the Cosmos ecosystem. The problem was the lack of channel verification for incoming transactions — the algorithm that created "wrapped" versions of assets (saToken) did not verify the source of the deposit.

This allowed the attacker to falsify deposits and mint unbacked tokens. To execute the scheme, the hacker launched their own Cosmos chain with a single validator, from which they sent packets with fictitious asset denominations. The operations did not require permission, simplifying the exploitation of the bug.

Reaction and Consequences

The Axelar Emergency Committee immediately disconnected the Secret and Secret-SNIP connections to prevent further unauthorized transfers. The team is currently coordinating efforts with exchanges and law enforcement agencies to track the stolen funds and facilitate their recovery.

It is important to emphasize: the incident affected only the coins saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, and sawstETH. The main Axelar protocol, other IBC connections, and native assets of the Secret Network remained untouched.

Despite the report of the theft, the market reacted unexpectedly: the price of the Secret token (SCRT) momentarily surged nearly 6%, reaching $0.06. After a correction, the asset is trading around $0.058, maintaining a daily increase of approximately 3%, with a market capitalization of ~$20 million. However, it is worth noting that since its all-time high in October 2021 ($10.64), SCRT has lost over 99.5% of its value, highlighting its current vulnerability and volatility.

This hack serves as yet another reminder of the critical importance of smart contract auditing in cross-chain solutions. The "infinite mint" vulnerability in IBC connections is not new, but its recurrence in a project of Axelar's scale points to systemic risks associated with the rapid deployment of bridges without proper verification of asset issuance logic.