Axelar Network confirmed a $4.67 million exploit targeting a cross-chain bridge to Secret Network, disclosing that an attacker had exploited a vulnerability in the ICS-20 smart contract to mint counterfeit bridged assets and drain funds over a period of roughly seven days before detection.

The attack, which took place around June 10, highlights the persistent security risks in cross-chain infrastructure as decentralized finance continues to grow. Axelar said its core protocol was not affected, but it immediately disconnected its bridge to Secret Network after identifying the breach and initiated a full audit of the relevant smart contract.

The attacker used an unusual method: launching a new Cosmos-based chain with a single validator, then self-relaying fraudulent messages across the network. That technique allowed the minting of arbitrary Secret-wrapped Axelar assets without the oversight of the bridge's standard multi-party verification process.

Secret Network, a privacy-focused blockchain, has not commented publicly on the exploit. Initial estimates by blockchain security firms indicate the attacker absconded with a mix of assets including AXL, the native token of the Axelar Network, as well as other bridged tokens denominated in U.S. dollars.

The incident is the latest in a string of bridge-related hacks that have drained billions of dollars from decentralized finance platforms since 2021. While aggregate bridge volumes have slowed, individual exploits remain highly profitable and technically sophisticated.

Axelar has not indicated whether it will reimburse affected users. The company's insurance protocol covers some bridge endpoints, but its application to this specific exploit is still under review. Market participants are watching whether the incident triggers broader outflows from cross-chain DeFi products.

Image source: v3b.fal.media