Secret Network’s cross-chain bridge was drained of about $4.67 million after an attacker exploited an “infinite mint” vulnerability in a modified CW20-ICS20 token contract, according to security reports and statements from Axelar. The exploit occurred on June 10 and was detected on June 17, after a failed cross-chain transfer exposed irregular activity.

The incident removed unbacked wrapped Axelar assets from the Secret side of the bridge. It also highlights a recurring weakness in bridge and token-wrapping designs that support decentralized finance interoperability.

Modified Token Contract Enabled Unbacked Minting

Investigations indicate that the attacker exploited a forked token contract where key safeguards had been removed or commented out. Those missing protections included token-minting restrictions and IBC validation checks, creating the conditions for arbitrary wrapped-token creation.

According to Common Prefix, the attacker created a fake IBC channel and sent forged transfer packets that bypassed verification. That allowed the attacker to mint arbitrary saTokens without collateral, turning a validation failure into an infinite mint pathway.

Once the unbacked tokens were created, they were converted into liquid assets. The stolen holdings were primarily WETH, USDT and WBTC, showing how synthetic bridge assets can quickly become real market liquidity once routed through connected venues.

Chain-flow tracing published alongside the technical summaries showed the funds moving through Osmosis and into Ethereum. They were then split across roughly 30 wallets and deposited into exchanges including KuCoin, ChangeNow and HitBTC, making cross-chain traceability central to the response.

Axelar Says Core Protocol Was Not Compromised

Axelar clarified that its core protocol and the Inter-Blockchain Communication layer were not compromised. The company said the exploited smart contract was developed and maintained by a third party on the Secret Network side, drawing a distinction between core infrastructure and peripheral contract risk.

Axelar also said firewalling helped prevent contagion to other chains. That containment matters because bridge exploits can spread quickly when wrapped assets and liquidity pools connect multiple networks, making segmentation a critical defense against broader ecosystem damage.

The seven-day gap between the June 10 exploit and June 17 detection points to monitoring limitations. A failed cross-chain transfer ultimately surfaced the issue, suggesting automated alerting did not immediately capture the abnormal minting activity.

The breach underscores a structural risk in wrapped-asset models. A faulty contract on one chain can generate unbacked tokens that move through liquidity routes and create counterparty exposure beyond the original vulnerable environment.

Custom token implementations and IBC-handling logic require rigorous audits, while continuous monitoring and rapid response procedures are needed to limit asset movement during an active compromise.

When exploited funds reach centralized venues, recovery efforts depend on timely detection, wallet clustering and effective transaction controls.

More broadly, the loss shows that interoperability still depends on assumptions outside core protocol guarantees. As long as DeFi liquidity relies on bespoke contracts and wrapped assets, bridge security will remain a material source of operational and counterparty risk.