Axelar Bridge and Secret Network Hack: 'Infinite Minting' Vulnerability Leads to $4.67 Million Theft

On June 19, 2026, the blockchain project Axelar officially confirmed an incident involving the hack of a cross-chain bridge connecting it to the Secret Network protocol. The attacker managed to withdraw approximately $4.67 million by exploiting a critical vulnerability known as "infinite mint."
An analysis conducted by the Common Prefix development team showed that the bug was embedded in a modified CW20-ICS20 smart contract on the Secret Network side, operating within an IBC connection to the Cosmos ecosystem. The problem was that the algorithm responsible for creating "wrapped" versions of assets (saToken) did not verify the origin of incoming transactions. This allowed the attacker to falsify deposits and mint tokens without any real collateral.
To carry out the attack, the malicious actor launched their own chain with a single validator in Cosmos. From this chain, they sent packets with fake asset denominations, which the contract on Secret Network accepted as legitimate. The theft went unnoticed for seven days, highlighting serious gaps in security monitoring.
Reaction and Consequences
The Axelar Emergency Committee promptly disabled the Secret and Secret-SNIP connections to prevent further unauthorized transfers. The team is currently coordinating with exchanges and law enforcement agencies to track the stolen funds and potentially recover them.
It is important to note that the incident affected only the saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, and sawstETH coins. The main Axelar protocol, other IBC connections, and native assets of the Secret Network remained untouched.
Market Reaction
Despite the severity of the hack, the market reacted unexpectedly. The price of the Secret token (SCRT) surged nearly 6% at one point, reaching $0.06. After a correction, the asset is trading around $0.058, maintaining a daily gain of about 3%. The market capitalization stands at approximately $20 million.
For context: at its all-time high in October 2021, SCRT was worth $10.64, which is 99.5% above current quotes. This shows how far the project has fallen from its peak values.
My Analysis
This incident is yet another reminder that the complexity of cross-chain bridges makes them vulnerable to attacks, especially when modified contracts are involved. The "infinite mint" vulnerability is a classic problem that could have been detected during the audit phase. The market, apparently, has already priced such low expectations into SCRT that even this news did not cause panic. However, for the project's long-term reputation, this is a serious blow that could slow down the recovery of investor trust.