Axelar Reports $4.67 Million Bridge Hack with Secret Network

Axelar disclosed a hack involving its bridge with Secret Network, resulting in a loss of $4.67 million due to an infinite mint vulnerability.

On June 19, the blockchain project Axelar revealed a hack involving its bridge with the Secret Network protocol. The attacker siphoned off approximately $4.67 million by exploiting an "infinite mint" vulnerability.

We analyzed the Secret Network incident. An attacker exploited an infinite-mint bug in a modified CW20-ICS20 token contract on Secret to drain ≈$4.67M. The attacker minted arbitrary Secret-wrapped Axelar assets on Secret by spinning up a new Cosmos chain with 1 validator and… https://t.co/itCkRXjkkp
— Common Prefix (@CommonPrefix) June 19, 2026

The theft went unnoticed for seven days.

According to Common Prefix, the lead developer of Axelar, the bug was found in the ICS-20 smart contract on the Secret side of the Cosmos IBC connection. The algorithm created "wrapped" versions of assets (saToken) but did not verify the source channel of incoming transactions. This allowed the attacker to falsify deposits and issue tokens without backing.

Since the operations did not require permission, the attacker launched a Cosmos chain with a single validator, from which they sent packets with fake asset denominations.

The Axelar emergency committee disabled the connections to Secret and Secret-SNIP to halt further unauthorized transfers. The team is coordinating with exchanges and law enforcement to trace the funds and assist in their recovery.

According to the statement, the incident is limited to the coins saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, and sawstETH. The main Axelar protocol, other IBC connections, and native assets of the Secret Network remain unaffected.

Despite the theft report, the price of the Secret token (SCRT) briefly surged nearly 6%, reaching $0.06. After a correction, the asset is trading around $0.058, maintaining a daily increase of about 3%. Its market capitalization stands at approximately $20 million.

Source: CoinMarketCap.

For context, at its all-time high in October 2021, SCRT was priced at $10.64, which is 99.5% higher than its current quotes.

It is worth noting that in June, hackers attacked outdated contracts in the L2 network Aztec twice within a few days, resulting in losses of $2.19 million and $2.15 million.