Secret Network experienced an “infinite mint” vulnerability that let a malicious actor create counterfeit Axelar‑wrapped tokens, causing a $4.67 million drain of assets.
Exploit Mechanics
The compromised smart contract failed to verify the origin of inbound transfers before minting, allowing the attacker to generate saTokens—such as saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, and sawstETH—without any underlying collateral. By redeeming these forged tokens through legitimate Axelar channels, the perpetrator siphoned the genuine wrapped assets held in escrow.
Blockchain analytics firm Common Prefix reported that the exploit occurred on June 10, but it remained hidden until June 17, when an “insufficient funds” error surfaced during a cross‑chain transaction. The error flagged the drained account and triggered the investigation that uncovered the infinite‑mint bug.
Broader Market Impact
DeFiLlama records this incident as the latest in a series of at least 22 crypto protocol breaches this month, joining attacks on Humanity Protocol ($32 million loss) and Syscoin Bridge ($8 million loss). Investors across the crypto market are closely monitoring the fallout, as such exploits can depress token prices and erode confidence in decentralized finance platforms.
Secret Network, a privacy‑focused layer‑1 blockchain built on the Cosmos ecosystem, now faces heightened scrutiny from regulators and users alike. The incident may pressure the network’s native token price, prompting investors to reassess risk exposure while the broader blockchain community seeks stronger security safeguards.