Crypto news

22.06.2026
01:47

The "infinite mint" vulnerability led to the hacking of the Axelar and Secret Network bridge: $4.67 million in damages.

хакеры hackers, перемещение средств 2

On June 19, 2026, the blockchain infrastructure project Axelar officially confirmed the exploitation of a critical vulnerability in the cross-chain bridge connecting its network to the confidential computing protocol Secret Network. The attacker managed to withdraw digital assets worth approximately $4.67 million by exploiting a bug known as an "infinite mint."

According to data provided by the development team Common Prefix — the main contributor to the Axelar protocol — the incident went unnoticed for seven days. The vulnerability was discovered in the ICS-20 smart contract deployed on the Secret Network side as part of the IBC connection within the Cosmos ecosystem. The key issue was the lack of verification of the incoming transaction channel: the contract created "wrapped" versions of assets (saToken) without checking the deposit source.

The attacker exploited this by launching their own chain in Cosmos with a single validator. Through it, they transmitted fake packets with fictitious asset denominations, allowing them to mint tokens without real backing. As a result, unbacked coins saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, and sawstETH were generated.

The Axelar Emergency Committee promptly disabled the Secret and Secret-SNIP connections to prevent further unauthorized transfers. The team is currently coordinating with cryptocurrency exchanges and law enforcement agencies to track the stolen funds and potentially recover them. It is important to emphasize that the main Axelar protocol, other IBC connections, and native assets of Secret Network were not affected.

The market reaction to the incident was unexpected. The price of the Secret token (SCRT) briefly surged nearly 6%, reaching $0.06. After a correction, the asset is trading around $0.058, maintaining a daily gain of approximately 3%. The market capitalization stands at about $20 million. It is worth noting that the current price is 99.5% below the all-time high of $10.64 recorded in October 2021.

My expert opinion: This incident is yet another reminder of the systemic risks associated with cross-chain bridges, especially those using modified contracts without proper security audits. The lack of incoming channel verification is a basic error that should not exist in protocols managing millions of dollars. Investors should be more cautious about projects whose bridges have not undergone multiple audits and lack proven transaction verification mechanisms.