Axelar Bridge and Secret Network Hack: 'Infinite Mint' Vulnerability Cost $4.67 Million

On June 19, the blockchain infrastructure project Axelar officially confirmed the hack of a cross-chain bridge connecting its network with the Secret Network protocol. As a result of the attack, the attacker withdrew approximately $4.67 million by exploiting a critical vulnerability known as "infinite mint."
Attack Details and Technical Background
The incident went unnoticed for seven days, indicating the complexity and stealth of the attack vector. An analysis conducted by the Common Prefix team—the primary developer of Axelar—showed that the bug was embedded in the ICS-20 smart contract deployed on the Secret Network side as part of the IBC connection with the Cosmos ecosystem. The issue was that the contract, which creates "wrapped" versions of assets (saToken), did not verify the origin channel of incoming transactions. This allowed the attacker to fake deposits and mint tokens not backed by real assets.
To execute the attack, the attacker created their own chain in Cosmos with a single validator. Through this chain, they sent packets with fictitious asset denominations, which the contract on Secret Network accepted as legitimate, issuing unbacked saTokens. Thus, the attacker was able to mint arbitrary amounts of wrapped versions of Axelar assets.
Reaction and Consequences
Axelar's Emergency Committee promptly disabled connections to Secret Network, including Secret-SNIP, to prevent further unauthorized transfers. Currently, the team is coordinating efforts with exchanges and law enforcement agencies to track the stolen funds and potentially recover them.
It is important to emphasize that the incident only affected specific tokens: saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, and sawstETH. The core Axelar protocol, other IBC connections, and native assets of Secret Network remained unharmed. This indicates that the vulnerability was isolated and did not affect the fundamental infrastructure.
Market and SCRT Price
Despite such a serious incident, the price of the Secret Network native token (SCRT) showed a paradoxical reaction. At one point, SCRT surged nearly 6%, reaching $0.06. After a correction, the asset is trading around $0.058, maintaining a daily gain of about 3%. The market capitalization is approximately $20 million. For context, at its all-time high in October 2021, SCRT was worth $10.64, which is 99.5% above current levels.
My expert commentary: Incidents like this are yet another reminder that even in mature ecosystems like Cosmos IBC, smart contract security issues remain critical. The "infinite mint" vulnerability is a classic case, but its successful exploitation over a week points to gaps in monitoring and response. The market, in turn, is often irrational: the short-term rise in SCRT may be driven by speculative buying on news of the vulnerability being fixed, rather than a fundamental risk assessment. Investors should exercise caution with assets dependent on cross-chain bridges until the industry develops unified standards for auditing and emergency response.