Axelar has confirmed a security incident leading to the loss of approximately $4.67 million in tokens, impacting the bridge between Axelar chain and Secret Network. Following the discovery, the company took swift emergency measures to shut down the compromised connection while addressing recovery efforts.
Details of the Exploit
The breach specifically targeted tokens bridged through the Inter-Blockchain Communication (IBC) protocol, highlighting a vulnerability within the bridge infrastructure. Axelar noted that the exploit stemmed from the Secret-side ICS-20 smart contract, which facilitates connections between Secret Network and the Axelar chain. This particular contract layer is crucial for managing fungible token transfers in the Cosmos IBC ecosystem.
When this contract is compromised, opportunities arise for unauthorized token distribution, bypassing the need to infiltrate the core validator set or consensus mechanisms of the interconnected chains. Axelar's identification of the issue as localized to this specific contract serves to delineate secure components of their ecosystem from those affected by the breach.
Immediate Response and Actions Taken
The emergency committee at Axelar acted promptly, disconnecting the Secret and Secret-SNIP connections immediately upon learning of the incident. This decisive action was intended to eliminate the compromised pathway, mitigating further exploitation risks while the investigation proceeds.
These measures, while necessary, may disrupt regular cross-chain interactions for users who depend on that channel for asset transfers. Nonetheless, taking the bridge offline was deemed essential to prevent additional losses as the team investigates the exploit's origin and assesses if other pathways might share similar vulnerabilities. Axelar has also reached out to various exchanges and law enforcement as part of its recovery initiative, aiming to flag stolen funds for tracking and potentially freezing assets handled through centralized platforms.
Impact on Overall Ecosystem
Despite this exploit, Axelar has emphasized that the core protocol remains unaffected and continues to operate securely. By defining the breach's specific scope, the company aims to reassure stakeholders regarding the integrity of their broader systems.



