The vulnerability enabled an attacker to create unbacked wrapped assets and redeem them for genuine tokens held in escrow, ultimately draining millions of dollars from the system.
While Axelar emphasized that its core protocol remained secure and that the incident was isolated to a specific Secret Network contract, the breach has once again drawn attention to one of the cryptocurrency industry’s most persistent weak points: bridge security.
Long-standing contract weakness opens door to attack
According to blockchain security research firm Common Prefix, the Secret Network exploit targeted a modified CW20-ICS20 smart contract deployed on Secret Network, a privacy-focused blockchain built using the Cosmos SDK.
The vulnerable contract handled incoming IBC transfers and was responsible for minting wrapped versions of assets bridged from Axelar. However, researchers discovered that the contract failed to perform two critical checks before accepting transfer requests.
First, it did not verify whether incoming transfers originated from a legitimate Axelar-controlled IBC channel. Second, it lacked safeguards to ensure redemption requests could not exceed the amount of collateral available in escrow.
Those missing controls created an opportunity for malicious actors to fabricate transfer messages that appeared valid to the contract.
“The issue was fundamentally a message authentication failure,” Common Prefix explained in its technical analysis. Researchers noted that the contract relied on assumptions about upstream authentication that ultimately proved incorrect.
The oversight was not recent. Investigators traced the flaw back to public code commits dating to March 2023. More concerning still, a contract migration conducted in March 2026 reportedly retained the same vulnerable logic, allowing the weakness to persist unnoticed for years.
The discovery underscores how even mature blockchain infrastructure can harbor overlooked vulnerabilities capable of causing significant financial damage.
Fake IBC messages enabled creation of unbacked tokens
The mechanics behind the Secret Network exploit reveal a carefully executed attack that leveraged weaknesses in cross-chain message verification.
According to Common Prefix, the attacker created a minimal Cosmos-based blockchain controlled by a single validator. Using that chain, they established a new IBC connection with Secret Network and began transmitting fraudulent deposit packets.
Because the vulnerable contract failed to verify the source channel, it accepted the fake messages as legitimate bridge deposits.
As a result, the system minted wrapped tokens representing assets that had never actually been deposited.
The attacker then redeemed those newly created tokens through Axelar’s normal withdrawal process. Since the redemption mechanism treated the assets as valid, real funds locked in escrow were released to the attacker.
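The two checks the analysis says were missing can be modeled in a few lines of Rust. This is an added sketch, not the Secret Network contract's code and not the CosmWasm API: the `Bridge` type, the channel names and the denom are constructed for illustration, and per-channel accounting is one assumed way to cap redemptions at what a channel actually brought in.

```rust
use std::collections::{HashMap, HashSet};

#[derive(Debug, PartialEq)]
pub enum BridgeError { UntrustedChannel, ExceedsChannelBalance, Overflow }

/// Hypothetical model of the receiving contract's state (not CosmWasm types).
pub struct Bridge {
    trusted: HashSet<String>,                     // channels approved out of band
    outstanding: HashMap<(String, String), u128>, // (channel, denom) -> minted, unredeemed
}

impl Bridge {
    pub fn new(trusted: &[&str]) -> Self {
        Bridge {
            trusted: trusted.iter().map(|c| c.to_string()).collect(),
            outstanding: HashMap::new(),
        }
    }

    /// Check 1: mint wrapped tokens only for packets from an allowlisted channel.
    pub fn on_receive(&mut self, channel: &str, denom: &str, amount: u128) -> Result<u128, BridgeError> {
        if !self.trusted.contains(channel) {
            return Err(BridgeError::UntrustedChannel);
        }
        let bal = self.outstanding.entry((channel.to_string(), denom.to_string())).or_insert(0);
        *bal = bal.checked_add(amount).ok_or(BridgeError::Overflow)?;
        Ok(*bal)
    }

    /// Check 2: a redemption over `channel` cannot exceed what that channel minted.
    pub fn on_redeem(&mut self, channel: &str, denom: &str, amount: u128) -> Result<u128, BridgeError> {
        if !self.trusted.contains(channel) {
            return Err(BridgeError::UntrustedChannel);
        }
        let key = (channel.to_string(), denom.to_string());
        let bal = self.outstanding.get(&key).copied().unwrap_or(0);
        let rest = bal.checked_sub(amount).ok_or(BridgeError::ExceedsChannelBalance)?;
        self.outstanding.insert(key, rest);
        Ok(rest)
    }
}

fn main() {
    // Constructed channel and denom names, for illustration only.
    let mut bridge = Bridge::new(&["channel-trusted"]);
    println!("{:?}", bridge.on_receive("channel-rogue", "wusdc", 1_000_000));
    println!("{:?}", bridge.on_receive("channel-trusted", "wusdc", 100));
    println!("{:?}", bridge.on_redeem("channel-trusted", "wusdc", 150));
    println!("{:?}", bridge.on_redeem("channel-trusted", "wusdc", 40));
}
```

Keying the balance by channel as well as denom means a deposit accepted on one channel can never be redeemed against another channel's escrow, so the second check still holds if the allowlist is ever misconfigured.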
The stolen assets reportedly included seven major bridged tokens:
- Wrapped USDT
- Wrapped USDC
- Wrapped DAI
- Wrapped Ether (WETH)
- Wrapped Bitcoin (WBTC)
- Wrapped BNB (WBNB)
- Wrapped staked Ether (wstETH)
In total, approximately $4.67 million was removed from escrow accounts supporting the Secret-Axelar connection.
Security analysts say the Secret Network exploit demonstrates how attackers increasingly target peripheral infrastructure rather than attempting to compromise underlying blockchain consensus systems.
“The underlying protocol can remain secure while edge contracts expose user funds,” researchers noted.
Axelar moves quickly to contain damage
Following detection of the Secret Network exploit, Axelar activated its emergency response team and immediately severed the affected IBC route connecting Secret Network to its ecosystem.
In its public statement, Axelar stressed that the incident was limited to the Secret-side contract and did not impact the Axelar network itself.
“The issue is isolated to the Secret Network ICS-20 smart contract,” Axelar said. “Axelar’s core protocol, other chains, other IBC connections, and escrow accounts remain unaffected.”
The company also confirmed it is coordinating with exchanges, ecosystem partners, and law enforcement agencies as part of the ongoing investigation.
For users holding affected wrapped assets on Secret Network, however, the consequences are immediate. Because the escrow reserves backing those assets have been drained, redemption through the compromised route is no longer possible.
Recovery efforts may also face unique challenges because Secret Network’s privacy architecture encrypts balances and transaction details by default. Unlike most public blockchains, where investigators can easily track stolen funds, Secret Network’s privacy features make forensic analysis considerably more difficult.
Both Axelar and Secret Network have indicated that full post-mortem reports are being prepared.
Another wake-up call for cross-chain bridge security
Although the $4.67 million loss is modest compared with some of the industry’s largest bridge hacks, the Secret Network exploit arrives at a time when bridge-related vulnerabilities continue to plague the crypto sector.
Cross-chain bridges remain essential infrastructure for moving assets between blockchains, but they also represent one of the industry’s most attractive attack surfaces.
The incident follows several notable security failures in 2026. Earlier this month, a validation flaw forced a Syscoin bridge to pause operations after an attacker minted billions of unauthorized SYS tokens. In February, decentralized finance protocol CrossCurve suffered losses estimated at roughly $3 million after smart contract vulnerabilities were exploited, according to security firm Halborn.
Cybersecurity experts have repeatedly warned that message validation remains one of the most critical components of bridge security.
As investigations into the Secret Network exploit continue, the event serves as a reminder that a single overlooked assumption can undermine an entire cross-chain system. Even when a protocol’s core architecture remains uncompromised, vulnerabilities within supporting contracts can expose millions of dollars in user funds.
For developers and investors alike, the lesson is becoming increasingly clear: securing blockchain bridges requires more than protecting the primary protocol. Every contract involved in inter-chain communication must be subjected to rigorous validation, auditing, and continuous monitoring.
The latest Secret Network exploit may have been contained, but its implications are likely to reverberate across the Cosmos ecosystem and the broader digital asset market for months to come.