Secret Network bridge exploited for $4.7M with ‘infinite mint’ bug
An exploit of the Secret Network went undiscovered for a week as the hacker moved the loot into Ethereum and then to exchanges.
An attacker has used an “infinite mint” bug in a vulnerable smart contract on the Secret Network to create unbacked, wrapped versions of Axelar-wrapped assets, resulting in a $4.67 million exploit.
The exploit happened on June 10 but was discovered a week later on June 17, after a failed cross-chain transaction caused by an “insufficient funds” error in the drained account was detected, blockchain research firm Common Prefix reported on Friday.
The attacker redeemed the Axelar-wrapped assets (saTokens) back over legitimate channels to drain the real Axelar-wrapped assets held in escrow because the smart contract did not verify the source of the inbound transfer before minting, so “deposits forged over an attacker-controlled channel minted genuine saTokens with no assets backing them,” Common Prefix said.
Source: Cointelegraph →Related News
- 6 hours ago
Strategy's Saylor needs clarity in BTC pivot message to convince investors: Stan...
- 12 hours ago
Pakistan crypto chief seeks dialogue after scholar rules against crypto payments
- 15 hours ago
Cambridge study puts Ethereum near the lower end of PoS energy intensity
- 18 hours ago
RWA Perpetuals Trading Surpasses $100B as Tokenized Equities Lead Growth
- 20 hours ago
Bitcoin bulls Michael Saylor, Adam Back slam BIP-110 Ordinals proposal
