Secret Network Axelar Bridge Suspended After $4.67M Infinite-Mint Exploit

TL;DR

• The Secret Network/Axelar bridge was suspended after a reported $4.67 million exploit.
• The attacker allegedly used forged IBC packets to mint unbacked wrapped assets.
• The timeline matters: exploit June 10, discovery June 17, bridge disabled June 19.

Bridge Security Comes Back Into Focus

The Axelar bridge connection to Secret Network has been suspended after a reported $4.67 million exploit involving an infinite-mint vulnerability on the Secret Network side of the integration. The incident is another reminder that cross-chain bridges remain one of crypto’s most fragile infrastructure layers, even when the core networks involved continue operating.

The exploit reportedly centered on a modified CW20-ICS20 contract used for wrapped assets on Secret Network. According to the source packet, the contract failed to properly verify the source channel of incoming IBC messages. That validation gap allowed an attacker to create a private Cosmos chain, send forged IBC packets and mint unbacked wrapped assets such as saUSDT and saUSDC.

How The Attack Reportedly Worked

In a normal bridge setup, wrapped tokens should correspond to assets locked or escrowed elsewhere. The key security assumption is that incoming messages are valid and come from approved routes. In this case, the attacker allegedly bypassed that assumption by injecting packets from a fake or private Cosmos chain.

Once the unbacked assets were minted, the attacker could redeem them against assets held in escrow, turning fake supply into real value. The exploit was not immediately detected. The timeline provided in the validation packet says the attack occurred on June 10, was discovered on June 17, and led Axelar to disable bridge connections on June 19 to contain the issue.

That sequence is important. This should not be framed as a breach that happened today. It was an earlier exploit that went unnoticed for several days before the bridge connection was suspended.

Why Bridge Bugs Remain So Costly

Bridge incidents are especially damaging because they sit between ecosystems. A vulnerability does not always need to break a layer-1 chain itself. It can exploit assumptions between chains, message formats, wrapped token contracts and escrow balances. When one piece fails, attackers can sometimes manufacture assets on one side and redeem value from another.

For DeFi users, the immediate lesson is that wrapped assets carry additional smart contract and bridge risks beyond the risk of the underlying token. For protocols, the incident underlines the need for strict channel validation, external monitoring and rapid circuit breakers when transfer behavior becomes abnormal.

The bridge suspension is a containment step, but the broader question is how affected liquidity providers, users and infrastructure partners handle losses, recovery and trust. Bridge exploits have repeatedly shown that crypto interoperability can create real utility, but only if the verification layer is treated as critical security infrastructure rather than a background integration detail.

It also shows why bridge integrations need independent review when contracts are modified for a specific ecosystem. A small change in message validation can create a very large gap between the supply users see on one chain and the assets actually backing that supply elsewhere. In bridge design, that gap is often where the worst losses begin.

This article was written by the News Desk and edited by Samuel Rae.