Axelar Bridge Exploit Drains 4.67M From Secret Network

Axelar Bridge Exploit Drains 4.67M From Secret Network

An attacker exploited a missing validation check in Axelar’s bridge contract to mint approximately 4.67 million dollars worth of unbacked wrapped tokens on Secret Network, draining the escrow account across seven asset types before routing proceeds through multiple exchanges and privacy-mixing services. The exploit, executed on June 10, went undetected for seven days until a failed cross-chain transfer exposed the depleted reserves, prompting Axelar’s emergency committee to shut down connections to Secret Network and triggering investigations across multiple jurisdictions.

How the Attack Unfolded

The technical vulnerability centered on a fundamental validation failure in the bridge contract connecting Axelar to Secret Network. When the contract was adapted from an escrow model to a mint model for the Axelar integration, two critical validation functions were removed during the rework. The missing checks should have verified both the source channel through which a deposit arrived and the denomination path associated with that channel. Instead, the contract only compared a token’s name against an approved list, creating a fatal gap in cross-chain authentication.

The attacker exploited this gap by creating a custom single-validator Cosmos SDK chain and opening a new IBC channel directly to the vulnerable contract. By sending forged deposit packets through this unauthorized channel, the attacker bypassed the source channel validation that should have rejected any transfer originating outside the legitimate Axelar IBC path. This allowed the minting of unbacked wrapped tokens on Secret Network without corresponding real collateral in the Axelar escrow account.

Seven wrapped assets were targeted in the drain: saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, and sawstETH. The attacker redeemed these fabricated tokens for genuine assets held in the legitimate Axelar reserves, effectively converting false claims into real value extraction.

Detection and the Privacy Factor

What makes this incident particularly noteworthy is the detection lag created by Secret Network’s privacy architecture. Unlike public blockchains such as Ethereum where drained liquidity pools become immediately visible on-chain, Secret Network encrypts account balances by default. This privacy feature, central to the network’s value proposition, meant that the missing collateral remained invisible throughout the seven-day window between the initial exploit on June 10 and its discovery on June 17.

The vulnerability surfaced only when routine operations failed. On June 17, a normal cross-chain transfer initiated on Axelar returned an error message indicating that the Secret Network escrow account no longer held sufficient funds to process the redemption. Investigators traced the gap backwards to seven withdrawals made on June 10, establishing a direct timeline from exploitation to discovery.

This detection pattern reveals a structural challenge in cross-chain infrastructure: the systems designed to protect user privacy can simultaneously obscure infrastructure failures. Privacy and transparency exist in tension when applied to escrow accounts and collateral reserves.

Fund Movement and Recovery Prospects

Following the initial extraction, the attacker moved proceeds through Osmosis, a decentralized exchange on the Cosmos ecosystem, to establish a bridge to Ethereum. On Ethereum, stolen funds were swapped for ETH through CoW Protocol, a batch auction mechanism designed for optimal execution and MEV protection. The attacker then split the proceeds across approximately 30 wallets before funneling them into centralized exchanges: KuCoin, ChangeNow, and HitBTC.

At the time of the postmortem report published by blockchain research firm Common Prefix, approximately 770,000 dollars of the stolen funds remained in the attacker’s wallet on Axelar, suggesting partial proceeds had already been consolidated or moved further. The distribution across multiple exchange gateways and wallet addresses significantly complicates recovery efforts.

Axelar stated that it contacted relevant exchanges and law enforcement agencies while maintaining that its investigation remains ongoing. Secret Network identified the stolen assets and petitioned Axelar to implement emergency freezes or coordinate with its community to recover funds. Axelar declined to pursue this request, a decision that limits immediate recovery options.

Root Cause and Timeline Context

The vulnerability was not newly introduced. Common Prefix traced the missing validation checks to the contract’s initial deployment in early 2023. More critically, when Axelar performed a March 5 migration to update the bytecode for new features, the same validation gaps were carried forward into the updated version. No external security audit was commissioned by Axelar as part of the Secret Network bridge integration, representing a departure from standard practice for cross-chain infrastructure.

This incident marks a significant addition to the 2026 bridge exploit toll. Across the cryptocurrency ecosystem, bridge compromises have already drained over 340 million dollars in the first half of the year, making bridging infrastructure one of the highest-risk categories in decentralized finance.

What This Means for the Market

Despite the incident disclosure, both Axelar and Secret Network tokens gained value in the 24 hours following the postmortem publication. Axelar’s AXL token increased approximately 1.3 percent, while Secret’s SCRT token rose 5.6 percent over the same period. This counterintuitive price action may reflect either limited market impact from the disclosure or confidence in the isolated nature of the vulnerability.

Axelar has stated that no other parts of its network infrastructure appear compromised based on current findings, and the emergency committee’s decision to isolate Secret-related connections prevented further losses. The incident underscores the persistent tension between privacy mechanisms and operational transparency in cross-chain systems, a challenge that will likely shape bridge security standards moving forward.


Disclaimer: This content is for informational purposes only and does not constitute financial advice. Cryptocurrency markets are highly volatile and unpredictable. All trading decisions should be made based on your own research and risk tolerance. Block Digest is not responsible for any financial losses incurred as a result of acting on this content.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *