Axelar discloses $4.7M theft in Secret Network bridge incident
In brief
- Axelar disclosed a $4.7 million security incident affecting IBC-bridged assets to Secret Network
- The breach was isolated to Secret's ICS-20 smart contract, not Axelar's core protocol
- Axelar disabled Secret connections and contacted exchanges and law enforcement
- No other IBC connections or integrations appear impacted by the theft
Incident Scope and Response
Axelar identified the issue as isolated to the Secret-side ICS-20 smart contract of the Cosmos IBC connection. This containment meant that no other IBC connections, Secret tokens, or Axelar integrations appeared to be impacted by the incident.
Axelar's emergency committee moved quickly. The team disabled the Secret and Secret-SNIP connections as an immediate precaution. Beyond that, Axelar contacted relevant exchanges and law enforcement authorities regarding the theft.
What's Next
Axelar said it is continuing its investigation and plans to release a detailed post-mortem once the review is complete. The disclosure underscores the risks inherent in cross-chain bridges, where smart contract vulnerabilities in one ecosystem can cascade into losses for users relying on interoperability protocols.
Secret Network is a standalone blockchain designed for privacy-by-default smart contracts, where transaction data is encrypted. Through its integration with Axelar, it enables private cross-chain communication, allowing applications to support use cases that require both privacy and interoperability. The incident highlights the need for rigorous security audits on bridge infrastructure, especially where encrypted protocols interface with external chains.
