Secret Network announced the suspension of its Axelar cross‑chain bridge after an attacker exploited a long‑standing minting flaw, siphoning approximately $4.67 million in wrapped tokens.
Bridge Suspension and Discovery
Both Secret Network and Axelar confirmed the breach on June 19, revealing that the theft occurred through the Axelar‑to‑Secret IBC channel. The intrusion began on June 10 but remained hidden for a full week until a routine transfer failed, exposing the depleted escrow balance.
Underlying Vulnerability
Security firm Common Prefix traced the flaw to a customized CW20‑ICS20 contract that governs token transfers for the bridge. Two essential validation checks—one that should have matched token denominations with the source channel and another that should have limited outflows to the escrow’s actual holdings—were deliberately commented out.
The compromised contract was first deployed in March 2023 and persisted through a bytecode migration on March 5, 2026, which added new features but retained the missing safeguards. Secret Network’s default transaction encryption masked the growing deficit, allowing the attacker to operate unnoticed for seven days.
Impact on Investors and the Crypto Market
By creating a single‑validator Cosmos SDK chain and opening a fresh IBC channel to Secret Network, the perpetrator exploited the unchecked logic to mint unauthorized tokens. The incident has shaken confidence among investors, prompting a reassessment of bridge security across the blockchain ecosystem.
Market analysts predict heightened scrutiny of cross‑chain infrastructure, as the loss underscores the financial risks tied to vulnerable smart contracts. Secret Network’s reputation and token price may face pressure until robust remediation measures restore stakeholder trust.