--- title: "Secret Network Suffers $4.67M Loss in Bridge Exploit" date: 2026-06-22 author: "Kelvin Scott" featured_image: "https://coinlaw.io/wp-content/uploads/2026/06/secret-network-suffers-4-67m-loss-in-bridge-exploit.jpg" categories: - name: "Cryptocurrency" url: "/crypto.md" tags: - name: "News" url: "/tag/news.md" --- # Secret Network Suffers $4.67M Loss in Bridge Exploit A vulnerability in a Secret Network bridge contract allowed an attacker to mint unbacked assets and steal approximately $4.67 million worth of cryptocurrency. ## Key Takeaways - Secret Network suffered a $4.67 million exploit after an attacker abused an infinite mint vulnerability in a token contract. - The exploit occurred on June 10 but remained undiscovered for about a week until a failed transaction exposed the issue. - The attacker created unbacked versions of several Axelar wrapped assets and redeemed them for legitimate funds held in escrow. - Axelar confirmed its network and the broader IBC protocol were not compromised during the incident. ## What Happened? Secret Network has disclosed a security incident that resulted in the loss of approximately **$4.67 million** after an attacker exploited a flaw in a bridge related smart contract. The exploit enabled the creation of **unbacked wrapped assets** that were later exchanged for real assets held in escrow. The issue remained hidden for seven days before being detected on June 17, when a failed cross chain transaction generated an insufficient funds error, prompting further investigation into the bridge’s reserves. > We have identified an incident affecting assets bridged over IBC to Secret Network from the Axelar chain, with approximately $4.67M worth of tokens taken. Based on current information, the issue is isolated to the Secret-side ICS-20 smart contract of the Cosmos IBC connection… > > — Axelar Network (@axelar) [June 19, 2026](https://x.com/axelar/status/2067965810174214451?ref_src=twsrc%5Etfw) ## How the Exploit Worked? According to blockchain security researchers at Common Prefix, the vulnerability existed in a modified **CW20 ICS20 token contract** on the Secret Network side of the Cosmos ecosystem. The contract was responsible for minting Secret wrapped versions of Axelar bridged assets, commonly known as **saTokens**. However, the contract failed to verify the source channel of incoming transfers before minting new tokens. > We analyzed the Secret Network incident. An attacker exploited an infinite-mint bug in a modified CW20-ICS20 token contract on Secret to drain ≈$4.67M. The attacker minted arbitrary Secret-wrapped Axelar assets on Secret by spinning up a new Cosmos chain with 1 validator and… > > — Common Prefix (@CommonPrefix) [June 19, 2026](https://x.com/CommonPrefix/status/2068109418550489480?ref_src=twsrc%5Etfw) This oversight allowed the attacker to forge deposits and create legitimate looking **saTokens** without depositing any real assets as collateral. Researchers explained that the attacker launched a [Cosmos chain](https://coinlaw.io/cosmos-statistics/) with a single validator and used it to send packets containing fake asset denominations. Because the contract did not properly validate the source of these messages, it minted genuine saTokens backed by nothing. Once the fraudulent tokens were created, the attacker redeemed them through legitimate Axelar channels, draining real assets held in escrow. ## Assets Affected and Fund Movements The exploit impacted several Axelar wrapped assets on Secret Network, including: - **saUSDT** - **saUSDC** - **saDAI** - **saWETH** - **saWBTC** - **saWBNB** - **sawstETH** After obtaining the assets, the attacker bridged them to Ethereum and converted the funds into **[Ether (ETH)](https://coinlaw.io/ethereum-statistics/)**. Blockchain analysis showed that the stolen funds were distributed across roughly 30 wallets, likely in an effort to obscure their origin. Some of the funds were later transferred to cryptocurrency platforms including **[KuCoin](https://coinlaw.io/kucoin-exchange-statistics/)**, **ChangeNow**, and **HitBTC**. ## Emergency Response From Secret Network and Axelar Following the discovery, **Secret Network** warned users that affected Axelar bridged **saTokens** may no longer be fully backed and that holders could face losses. The network clarified that its native **SCRT** token was not affected by the exploit. Axelar also issued a statement after reports of the breach created confusion within the community. The team stated: “ Neither Axelar nor IBC was compromised. The exploited token smart contract was not developed, deployed, or maintained by Axelar. Axelar’s firewalling prevented the impact from spreading to other chains. Axelar Axelar’s emergency committee reportedly disabled the Secret and Secret SNIP connections to prevent additional unauthorized transfers. The team is also working with exchanges and law enforcement agencies to track and potentially recover the stolen funds. ## Growing List of Crypto Exploits The Secret Network incident is among the largest cryptocurrency exploits reported this month. Data from DeFiLlama shows that more than 20 protocol hacks and exploits have already occurred during the period. Only the [**Humanity Protocol** exploit](https://coinlaw.io/humanity-protocol-h-token-crashes-30m-hack/), which resulted in losses of about **$32 million**, and the **Syscoin Bridge** attack, which caused roughly **$8 million** in losses, exceeded the size of the Secret Network breach. Despite news of the exploit, SCRT briefly climbed nearly 6% before settling around $0.058. The token remains approximately 99% below its all time high reached in 2021. ![Scrt Token Price 22nd June](https://coinlaw.io/wp-content/uploads/2026/06/scrt-token-price-22nd-june.jpeg)Image Credit – [CoinGecko.com](https://www.coingecko.com/en/coins/secret?chart=type%3Dprice%26mode%3Dline%26timeframe%3Dd30) ## CoinLaw’s Takeaway In my experience, incidents like this highlight a recurring issue in crypto security. Many major losses do not come from breaking core blockchain infrastructure but from mistakes in surrounding smart contracts and bridge implementations. I found it notable that neither **Axelar** nor the broader **IBC framework** was compromised, yet a single validation failure was enough to put millions of dollars at risk. This case serves as another reminder that even small contract level oversights can have massive financial consequences for users and protocols. Definition of Blockchain. Link to full glossary entry follows the description.**Blockchain**A distributed digital ledger that records transactions across a network, with each block cryptographically linked to the previous one for security. [Read more](https://coinlaw.io/glossary/blockchain/) Definition of Smart Contract. Link to full glossary entry follows the description.**Smart Contract**A smart contract is a self-executing program stored on a blockchain that automatically enforces agreement terms when predefined conditions are met, without intermediaries. [Read more](https://coinlaw.io/glossary/smart-contract/) Definition of Cross-Chain. Link to full glossary entry follows the description.**Cross-Chain**Cross-chain is the ability to move data or assets between separate blockchains via bridges, messaging protocols, or interoperability networks. [Read more](https://coinlaw.io/glossary/cross-chain/)