- Trending
- Comments
- Latest
Attackers exploited an infinite mint vulnerability in a customised token bridge connecting Secret Network and Axelar, draining approximately $4.67 million in assets before emergency measures halted further losses, blockchain security firm Common Prefix disclosed in June.
The exploit, which targeted a customized token bridge connecting Secret Network and Axelar, was disclosed in June following forensic investigations by blockchain security researchers.
The vulnerability allowed attackers to mint unbacked wrapped assets and drain liquidity from the protocol before emergency measures halted further losses.
The incident affected bridged assets on Secret Network but did not compromise Axelar’s core network infrastructure.
“The exploit specifically targeted assets transferred from the Axelar chain to Secret Network,”
Axelar said in its incident disclosure, noting that emergency committees subsequently disabled Secret-related bridge connections to contain the breach.
Security researchers at Common Prefix traced the incident to a modified implementation of the CW20-ICS20 smart contract used to facilitate inter-blockchain communication (IBC) transfers.
According to the firm’s technical assessment, developers had customized an existing Secret Network token standard to support Axelar-linked assets.
In the process, critical validation mechanisms designed to verify the origin of incoming cross-chain messages were removed or disabled.
As a result, attackers were reportedly able to establish a malicious Cosmos-compatible chain and generate unauthorized packets that the contract accepted as legitimate deposits.
“We analyzed the Secret Network incident. An attacker exploited an infinite-mint bug in a modified CW20-ICS20 token contract on Secret to drain approximately $4.67 million,”
Common Prefix, blockchain security consultancy, in a public analysis shared on social media.
Investigators said the flaw was not rooted in the Cosmos IBC protocol itself but in project-specific modifications introduced to accommodate interoperability requirements.
The Secret Network exploit joins a growing list of attacks that have targeted custom bridge implementations rather than base-layer blockchain consensus systems.
The latest breach arrives amid an increasingly difficult year for cross-chain protocols.
In April, Kelp DAO suffered what has been described as one of the largest DeFi exploits of 2026 after attackers drained roughly $292 million worth of rsETH through infrastructure powered by LayerZero.
The incident prompted multiple lending protocols to freeze affected markets and sparked industry-wide discussions about message verification standards.
Similarly, Syscoin paused its bridge operations earlier this month after a transaction validation weakness enabled attackers to mint approximately 5 billion unauthorized SYS tokens.
Project developers said the vulnerability stemmed from failures in proof verification mechanisms used by the bridge relay system.
Another interoperability setback emerged in May when attackers exploited Butter Network infrastructure associated with Map Protocol, minting an enormous supply of MAPO tokens that sent the asset tumbling by nearly 96% within hours.
Security analysts increasingly argue that interoperability layers remain one of the most vulnerable segments of decentralized finance because they aggregate liquidity pools and rely heavily on external validation assumptions.
While blockchain interoperability is widely viewed as essential for expanding liquidity and enabling seamless user experiences across ecosystems, recent exploits suggest many projects may still be prioritizing functionality over hardened security architectures.
Experts note that bridge designs frequently involve customized contracts, validators, relayers or messaging protocols, creating multiple attack surfaces that can be difficult to audit comprehensively.
The Secret Network incident demonstrates how relatively small code alterations can introduce systemic vulnerabilities with significant financial consequences.
For crypto investors, the exploit serves as another reminder that bridged assets often carry risks beyond those associated with holding native tokens directly.
As DeFi protocols continue to expand across multiple chains, market participants are expected to place increasing emphasis on independent audits, formal verification practices and real-time monitoring systems.
Industry observers say the coming months may determine whether developers can rebuild confidence in interoperability infrastructure or whether investors begin demanding more conservative approaches to cross-chain asset management.
Copyright © 2025 - The Bit Gazette.
