Secret Network Axelar Bridge Suspended After $4.67M Infinite-Mint Exploit

The Axelar bridge connection to Secret Network was suspended on June 19 after a $4.67 million exploit involving an infinite-mint vulnerability. The attacker used forged IBC packets to mint unbacked wrapped assets through a modified CW20-ICS20 contract that failed to verify the source channel of incoming messages. The attack occurred on June 10 but went undetected until June 17; the discovery of the vulnerability prompted the bridge suspension two days later. Cross-chain bridges remain a critical vulnerability point in crypto infrastructure, where message validation failures between ecosystems can enable attackers to manufacture assets on one chain and redeem real value from another.

Attacker Exploited Contract Validation Gap to Mint Unbacked Assets

The exploit centered on a modified CW20-ICS20 contract used for wrapped assets on Secret Network. The contract failed to properly verify the source channel of incoming IBC messages. The attacker created a private Cosmos chain and sent forged IBC packets to the Secret Network bridge. This allowed the minting of unbacked wrapped assets including saUSDT and saUSDC. In a normal bridge setup, wrapped tokens correspond to assets locked or escrowed elsewhere. The attacker bypassed this security assumption by injecting packets from a fake chain. Once the unbacked assets were minted, the attacker redeemed them against assets held in escrow, converting fake supply into real value.
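
The missing check described above, as an added example that is not code from the Secret Network contract or from Axelar: a simplified, std-only Rust model of a receive handler with and without a trusted-channel check, plus the supply-versus-escrow invariant a monitor could watch. The types, function names, channel IDs and amounts are constructed for illustration.

```rust
use std::collections::{HashMap, HashSet};

// Simplified stand-in for an incoming ICS-20 transfer (hypothetical type, not the contract's).
pub struct Packet {
    pub channel: String, // local channel the packet arrived on
    pub denom: String,
    pub amount: u128,
}

#[derive(Debug, PartialEq)]
pub enum RecvError { UntrustedChannel(String) }

// Toy ledger for wrapped assets: trusted channels plus minted supply per denom.
pub struct Bridge {
    trusted: HashSet<String>,
    minted: HashMap<String, u128>,
}

impl Bridge {
    pub fn new(trusted: &[&str]) -> Self {
        Bridge { trusted: trusted.iter().map(|c| c.to_string()).collect(), minted: HashMap::new() }
    }
    // Flawed handler: mints for any packet, whichever channel delivered it.
    pub fn receive_unchecked(&mut self, p: &Packet) -> Result<u128, RecvError> {
        let supply = self.minted.entry(p.denom.clone()).or_insert(0);
        *supply += p.amount;
        Ok(*supply)
    }
    // Hardened handler: reject channels not bound to the real counterparty, then mint.
    pub fn receive_checked(&mut self, p: &Packet) -> Result<u128, RecvError> {
        if !self.trusted.contains(&p.channel) {
            return Err(RecvError::UntrustedChannel(p.channel.clone()));
        }
        self.receive_unchecked(p)
    }
    // Monitoring invariant: wrapped supply that exceeds the escrow backing it.
    pub fn unbacked(&self, denom: &str, escrowed: u128) -> u128 {
        self.minted.get(denom).copied().unwrap_or(0).saturating_sub(escrowed)
    }
}

fn main() {
    // Constructed sample: only channel-0 is trusted; the packet arrives on channel-99.
    let forged = Packet { channel: "channel-99".into(), denom: "saUSDT".into(), amount: 1_000_000 };
    let mut bridge = Bridge::new(&["channel-0"]);
    println!("checked: {:?}", bridge.receive_checked(&forged));
    println!("unchecked: {:?}", bridge.receive_unchecked(&forged));
    println!("unbacked supply: {}", bridge.unbacked("saUSDT", 0));
}
```

A nonzero result from `unbacked` is the condition a circuit breaker would trip on: wrapped supply on one side with no matching escrow on the other.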

Bridge Suspension Followed Week-Long Detection Delay

The attack occurred on June 10. The vulnerability was discovered on June 17. Axelar disabled the bridge connection on June 19 to contain the issue. The exploit went unnoticed for seven days before detection. The suspension was a containment measure rather than an immediate response to a real-time breach. The timeline demonstrates the challenge of monitoring cross-chain message flows for anomalous behavior.

Exploit Highlights Ongoing Bridge Security Vulnerabilities

Bridge incidents target the infrastructure layer between ecosystems rather than breaking layer-1 chains directly. Vulnerabilities can exploit assumptions between chains, message formats, wrapped token contracts and escrow balances. Wrapped assets carry additional smart contract and bridge risks beyond the underlying token. The incident underscores the need for strict channel validation, external monitoring and rapid circuit breakers when transfer behavior becomes abnormal. Bridge integrations require independent review when contracts are modified for specific ecosystems. Small changes in message validation can create large gaps between the supply users see on one chain and the assets backing that supply elsewhere.

FAQ

What caused the Secret Network Axelar bridge exploit on June 10?

The exploit was caused by a modified CW20-ICS20 contract on Secret Network that failed to properly verify the source channel of incoming IBC messages. The attacker created a private Cosmos chain and sent forged IBC packets to mint unbacked wrapped assets including saUSDT and saUSDC, then redeemed them against real assets held in escrow.

Why was the Secret Network Axelar bridge suspended on June 19?

Axelar suspended the bridge connection on June 19 as a containment measure after discovering the $4.67 million exploit on June 17. The attack had occurred on June 10 but went undetected for seven days before the vulnerability was identified and the bridge was disabled to prevent further losses.

How did the attacker bypass bridge security on Secret Network?

The attacker bypassed security by exploiting a validation gap in the CW20-ICS20 contract. By creating a private Cosmos chain and sending forged IBC packets, the attacker minted unbacked wrapped assets without corresponding locked or escrowed tokens on the other side of the bridge, then redeemed those fake assets for real value.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.