Exploitation of a Secret Network contract allowed the issuance of unbacked tokens and caused losses of US$4.67 million.
A vulnerability in a smart contract used in the Secret Network allowed an attacker to create unbacked tokens and withdraw real assets held in custody. The incident resulted in estimated losses of US$4.67 million and made it one of the biggest security incidents recorded in the crypto market in June.
The vulnerability remained active for several days before being identified. According to the blockchain research firm Common Prefix, the attack occurred on June 10th but only came to light about a week later, when inconsistencies in transfers between networks caught the attention of investigators.
Secret Network is a privacy-focused blockchain developed within the Cosmos ecosystem. Axelar, in turn, is an interoperability network that facilitates communication between different blockchains.
Flaw allowed token issuance without backing.
According to the analysis released by Common Prefix, the problem lay in a contract responsible for issuing wrapped versions of Axelar's assets within the Secret Network.
In practice, the system accepted certain transfers without properly validating their origin. This vulnerability allowed the attacker to simulate deposits and receive legitimate tokens in return, even without providing any real assets as collateral.
Among the assets created during the exploit were wrapped versions of stablecoins and cryptocurrencies widely used in the market, including saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, and sawstETH.
The critical point of the incident lies precisely in the fact that these tokens were issued as if there were corresponding collateral. However, the assets that should have served as collateral were never deposited.
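The backing invariant described above (wrapped supply never exceeding assets in custody) can be checked continuously by a monitor. The following Python code is an added example, not code from Common Prefix, Secret Network or Axelar; the event feed, its field names and all amounts are constructed assumptions, and only the token symbols come from the article.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    seq: int      # ordering index in the (assumed) merged event feed
    kind: str     # "deposit", "release", "mint" or "burn"
    asset: str    # wrapped token symbol
    amount: int   # base units

def find_unbacked(events):
    """Return (seq, asset, shortfall) for every event after which the
    wrapped supply of an asset exceeds the collateral held in custody."""
    custody = defaultdict(int)   # collateral locked on the source side
    supply = defaultdict(int)    # wrapped tokens in circulation
    alerts = []
    for ev in sorted(events, key=lambda e: e.seq):
        if ev.kind == "deposit":
            custody[ev.asset] += ev.amount
        elif ev.kind == "release":
            custody[ev.asset] -= ev.amount
        elif ev.kind == "mint":
            supply[ev.asset] += ev.amount
        elif ev.kind == "burn":
            supply[ev.asset] -= ev.amount
        else:
            raise ValueError(f"unknown event kind: {ev.kind!r}")
        shortfall = supply[ev.asset] - custody[ev.asset]
        if shortfall > 0:
            alerts.append((ev.seq, ev.asset, shortfall))
    return alerts

# Constructed sample feed: events 1-4 and 8-9 are normal bridge traffic,
# event 5 is a mint with no matching deposit, 6-7 redeem it for collateral.
SAMPLE = [
    Event(1, "deposit", "saUSDC", 1000), Event(2, "mint", "saUSDC", 1000),
    Event(3, "deposit", "saWETH", 50),   Event(4, "mint", "saWETH", 50),
    Event(5, "mint", "saUSDC", 400),
    Event(6, "burn", "saUSDC", 400),     Event(7, "release", "saUSDC", 400),
    Event(8, "burn", "saWETH", 10),      Event(9, "release", "saWETH", 10),
]

if __name__ == "__main__":
    for seq, asset, shortfall in find_unbacked(SAMPLE):
        print(f"event {seq}: {asset} under-collateralized by {shortfall}")
```

In the sample, the first alert fires at the unbacked mint itself, before any collateral leaves custody, and the second shows the shortfall that remains for other holders once the redemption completes.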
How were the funds withdrawn?
After improperly generating the tokens, the attacker used the bridge's own mechanisms to exchange the newly created assets for legitimate funds that remained locked in custody.
This process allowed real money to be removed from the system without raising immediate suspicion.
Once the fraud was complete, the assets underwent a new stage of movement. The funds were transferred to the Ethereum network and converted into Ether (ETH), a strategy frequently used to increase liquidity and facilitate future transfers.
The investigation also indicates that the funds ended up being distributed among approximately 30 different wallets.
Experts consider this fragmentation a common technique to hinder forensic analysis and reduce the chances of fully tracing the assets.
Exchanges received a portion of the funds.
The investigators also identified movements involving well-known exchange platforms.
According to Common Prefix, some of the funds passed through services like KuCoin, ChangeNow, and HitBTC after leaving the Secret Network.
To date, there is no publicly available information indicating the recovery of the stolen funds.
Meanwhile, users who owned tokens from the saXXX family received alerts about potential impacts on assets held within the network.
Secret Network itself acknowledged that the incident affected the backing of these tokens and reported that some of the funds associated with them may have been lost.
Axelar claims that its infrastructure was not compromised.
The repercussions of the case led Axelar to publish an official statement clarifying its role in the incident.
The company stated that its infrastructure was not compromised and emphasized that the contract in question was not part of its core systems.
Furthermore, the network stated that its containment mechanisms prevented the problem from reaching other ecosystems connected through the platform.
According to the company, neither the communication protocol between blockchains nor the Axelar network itself was compromised during the attack.
Series of attacks worries the sector.
The Secret Network case comes at a delicate time for the digital asset industry.
Market surveys indicate that June saw dozens of security incidents involving protocols, bridges, and decentralized applications. Combined, these events caused millions of dollars in losses for users and companies in the sector.
Although the Secret Network breach did not directly affect the SCRT token, the incident increases the pressure on projects that rely on complex smart contracts and integrations between different blockchains.
For security experts, the incident reinforces a recurring concern: a single validation failure can lead to losses of millions of dollars, especially in systems responsible for moving assets between different networks.
As the blockchain ecosystem grows, attacks of this type continue to highlight the need for frequent audits, constant monitoring, and more rigorous verification processes in smart contracts that control high-value assets.