BlockBeats News, June 21st. Blockchain research firm Common Prefix revealed that on June 10th, hackers exploited a vulnerability in the Secret Network and Axelar cross-chain bridge contract, creating fake deposits and minting uncollateralized tokens, then cashing out approximately $4.67 million. The attack went unnoticed for seven days until a normal cross-chain transfer failed on June 17th due to insufficient funds in the custodial account, exposing the anomaly.

The root cause of the vulnerability was the removal of two key functions responsible for verifying the source of transfers when the contract transitioned from a custodial to a minting model. Moreover, the contract had not undergone any external audits since its deployment in early 2023. Secret Network stated that Axelar's bridging infrastructure failed to trigger any effective anomaly detection or emergency pause mechanism before a large-scale asset theft.

The stolen funds were routed through Osmosis to Ethereum, exchanged for ETH on the CoW Protocol, and then decentralized into exchanges such as KuCoin, ChangeNow, and HitBTC. Approximately $672,000 is still held in the attacker's Axelar wallet. Secret Network has requested Axelar to freeze this address, but the request was denied.

Axelar emphasized that its core protocol was never compromised, and the exploited contract was not developed or maintained by Axelar. Axelar has currently disabled the relevant cross-chain connections and stated that they are coordinating with exchanges and law enforcement for further actions.