Crypto news

22.06.2026
07:48

Axelar Bridge and Secret Network Hack: Infinite Minting Vulnerability Leads to $4.67 Million Loss

On June 19, 2026, I recorded a serious incident in the infrastructure of the Axelar cross-chain protocol. An attacker successfully exploited a vulnerability in the bridge connecting Axelar to the Secret Network and withdrew funds worth approximately $4.67 million. A critical bug, known as "infinite mint," went unnoticed for seven days.

As my analysis showed, the problem lay in the modified CW20-ICS20 smart contract on the Secret Network side, used within the Cosmos IBC connection. The contract was responsible for creating "wrapped" assets (saToken) but did not verify the incoming transaction channel. This allowed the attacker to fabricate deposits and mint tokens without any real collateral.

The attacker acted ingeniously: they launched their own chain in the Cosmos ecosystem with a single validator, then sent packets from it with fictitious asset denominations. Since the operations required no permission, the vulnerability was fully exploited.

The Axelar Emergency Committee promptly disabled the Secret and Secret-SNIP connections to prevent further unauthorized transfers. The team is now coordinating with exchanges and law enforcement agencies to track and recover the funds.

It is important to emphasize: the incident only affected the coins saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, and sawstETH. The main Axelar protocol, other IBC connections, and native Secret Network assets remained untouched.

The market reacted to the news paradoxically: the price of the Secret token (SCRT) jumped nearly 6% to $0.06. After a correction, the asset is trading around $0.058, maintaining a daily gain of about 3%. The market capitalization is approximately $20 million. For context: at its all-time high in October 2021, SCRT was worth $10.64 — current levels are 99.5% lower.

My expert opinion: This incident is yet another reminder that the complexity of cross-chain infrastructure often becomes its Achilles' heel. Vulnerabilities like "infinite mint" are particularly dangerous as they allow creating assets out of thin air. Investors should pay attention to how project teams test their smart contracts under edge conditions, especially in bridge solutions where the risk of centralization and code errors is highest. Until the market demands stricter audits and security standards, such attacks will continue to occur.