Secret Network suffered a $4.67 million exploit after an attacker abused a flaw in a token bridge contract tied to Axelar. The incident took place on June 10, yet detection came a week later after a failed transaction exposed missing collateral, according to a postmortem from blockchain research firm Common Prefix.

The attack targeted a modified CW20-ICS20 smart contract that handled cross-chain transfers between Secret and Axelar. The contract minted Secret-wrapped assets, known as saTokens, without verifying the source channel of incoming transfers. This gap allowed forged deposits to pass as legitimate.

Common Prefix stated that “deposits forged over an attacker-controlled channel minted genuine saTokens with no assets backing them.” The attacker then redeemed those tokens through a legitimate channel, which released real assets held in escrow on Axelar.

Attack structure relied on permissionless channels

The exploit depended on how interchain communication works. Inter-Blockchain Communication allows chains to open channels without permission. This design enables interoperability but requires strict validation at the contract level.

The attacker created a separate chain under their control and opened a connection to the vulnerable contract. The contract relied on token names rather than channel verification. That design treated tokens from a rogue channel as identical to those from the official Axelar connection.

Seven assets were affected: saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, and sawstETH. Each represented wrapped versions of assets bridged from Axelar into Secret. The attacker minted large amounts of these tokens without backing, then redeemed them to drain the real reserves.

The vulnerability was not recent. The flawed logic existed in the contract’s codebase since early 2023. A migration in March 2026 introduced changes to the contract but preserved the missing validation checks.

Funds moved across chains before conversion

Transaction tracing shows a structured flow of funds after the initial drain. The attacker moved assets from Secret to Axelar through legitimate channels. From there, funds passed through Osmosis using automated routing instructions embedded in transfers.

Assets reached the Ethereum network through multiple bridging paths. Tokens then converged in a single wallet. The attacker swapped them into Ether through on-chain liquidity protocols.

Roughly 2,350 ETH accumulated in the main wallet after conversions. The attacker split the balance into about 30 separate wallets. Transfers ranged between 50 and 139 ETH. The funds later reached centralized exchanges, including KuCoin, ChangeNow, and HitBTC.

Common Prefix documented that some assets remained on Axelar. These included smaller balances of WBTC, USDC, WBNB, and AXL.

Detection came after failed transaction

The exploit did not surface immediately. On June 17, a cross-chain transfer attempt failed due to insufficient funds in the Axelar escrow account. The error indicated that more assets were requested than existed in reserve.

Investigators traced the discrepancy back to June 10. They identified seven large withdrawals that matched the drained assets. The encrypted nature of balances on Secret delayed detection, since deficits did not appear as visible liquidity gaps.

The Secret team issued a warning after confirmation.

“If you hold Axelar-bridged saXXX tokens on Secret, please be aware their backing was affected, and your funds may be lost,” the project stated.

Response actions and attribution dispute

The Axelar Emergency Committee disabled the connection between the two networks after discovery. Cross-chain interface Squid removed Secret from its frontend. Both actions aimed to prevent further movement through the affected pathway.

Axelar stated that its core infrastructure remained intact.

“Neither Axelar nor IBC was compromised. The exploited token smart contract was not developed, deployed, or maintained by Axelar,” the team said.

It added that firewall mechanisms limited the spread to other chains.

Secret Network described the issue as a contract-level flaw introduced during adaptation of the bridge design. The contract shifted from an escrow-based model to a mint-based structure. Two validation checks that tied tokens to their origin channel were removed in that process.

The absence of a fresh audit after those changes contributed to the outcome. The forked contract altered security assumptions, yet no new review validated the updated logic.

Broader context and market impact

The exploit ranks among the larger incidents in June. Defillama data places it behind attacks on Humanity Protocol and Syscoin Bridge earlier in the month.

Token prices showed limited immediate reaction. Secret’s SCRT and Axelar’s AXL remained far below prior peaks despite short-term gains after disclosure. SCRT trades near $0.058, while AXL trades near $0.044 based on CoinMarketCap data.

The case highlights risks tied to cross-chain infrastructure and contract modifications. The underlying IBC protocol and Axelar network did not fail. The breach occurred at the application layer, where validation logic did not enforce channel-specific rules.

Yield Farming Explained - How to Earn Returns in DeFi | HODL FM NEWS
Discover yield farming in DeFi. Learn how to earn rewards by depositing crypto assets, understand the mechanics, and explore popular platforms like Uniswap.
hodl-post-imageHODL FM News: The Wildest Ride in the Crypto MarketTanya Petrusenko
hodl-post-image

Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that, despite the nature of much of the material created and hosted on this website, HODL FM operates as a media and informational platform, not a provider of financial advisory services. The opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice, HODL FM strongly recommends contacting a qualified industry professional.