Across Protocol Confirms Solana Bridge Attack; User Funds Safe

Editorial illustration for: Across Protocol confirms Solana bridge attack, user funds remain safe

In brief

  • Across Protocol detected attack on Solana bridge July 17 at 5:30 AM UTC, immediately disabling deposits.
  • User funds untouched; only Risk Labs relayer capital faced potential losses.
  • Protocol continues normal operations on Ethereum, Base, and other supported chains.
  • Post-mortem analysis forthcoming; team coordinating with security group SEAL_911.

Attack Details and Response

The incident was detected at approximately 5:30 AM UTC. All transactions completed before the attack were secured, and Solana deposits remain disabled until further notice.

The protocol continues to function normally on other supported chains like Ethereum and Base. This containment reflects how Across structures its operations across multiple chains independently.

Why User Funds Stayed Safe

Across uses an intent-based architecture where relayers fill orders using their own capital. The relayer absorbs the risk, not the user. Potential losses appear limited to funds associated with the relayer operated by Risk Labs, the foundation that supports Across Protocol.

This design decision proved critical. In many bridge exploits, users lose their deposits entirely. Here, the architecture shielded everyday users from direct exposure.

Track Record and Next Steps

Before this incident, Across Protocol had processed over $35 billion in transaction volume without a single exploit. That track record doesn't erase what happened, but it underscores that this wasn't a fundamental design flaw—it was a specific breach that security teams are now investigating.

The protocol employs an optimistic verification model powered by the UMA oracle. Across has stated that a full post-mortem analysis will be published in the coming days. The team is also working with SEAL_911, a well-known crypto security response group, to monitor addresses linked to the attack.