Crypto news

22.06.2026
02:07

Axelar and Secret Network bridge hack: 'infinite minting' vulnerability leads to $4.67 million loss

On June 19, the blockchain project Axelar disclosed a compromise of the bridge connecting it to the Secret Network protocol. As a result of the attack, the attacker withdrew approximately $4.67 million by exploiting a critical vulnerability known as "infinite mint." The incident went unnoticed for seven days, indicating insufficient monitoring responsiveness in this segment.

According to Axelar's lead developer, the Common Prefix team, the bug was discovered in the ICS-20 smart contract on the Secret side within the Cosmos IBC connection. The contract created "wrapped" versions of assets (saToken) but did not verify which channel the incoming transaction originated from. This allowed the attacker to falsify deposits and mint tokens without real backing. Since the operations required no permission, the attacker launched a separate chain in Cosmos with a single validator, from which they sent packets with fictitious asset denominations.

Axelar's Emergency Committee immediately disabled the Secret and Secret-SNIP connections to halt further unauthorized transfers. The team is coordinating with exchanges and law enforcement agencies to track the funds and facilitate their recovery. It is important to emphasize that the incident is limited to the coins saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, and sawstETH. The core Axelar protocol, other IBC connections, and native assets of the Secret Network are unaffected.

Despite the negative news, the price of the Secret token (SCRT) momentarily surged nearly 6%, reaching $0.06. After a correction, the asset is trading around $0.058, maintaining a daily gain of approximately 3%. The market capitalization stands at roughly $20 million. Meanwhile, at its all-time high in October 2021, SCRT was worth $10.64 — 99.5% above current quotes, indicating a deep bearish trend for this asset.

Analytical commentary: Incidents like this once again raise the issue of cross-chain bridge security, which remains one of the most vulnerable points in the DeFi ecosystem. The "infinite mint" vulnerability is a classic error related to insufficient validation of incoming data. Against the backdrop of SCRT's historical 99.5% decline from its peak, the market appears to have already priced in the risks of such failures, which explains the short-term rise after the incident was disclosed — investors may have perceived it as a "known unknown."