An attacker exploited an "infinite mint" bug within a vulnerable smart contract on the Secret Network, resulting in a $4.67 million loss. This incident was uncovered following a failed cross-chain transaction linked to an "insufficient funds" error on June 10.
The malicious actor minted unbacked Axelar-wrapped assets, allowing them to convert these into genuine assets without appropriate verification. They then transferred these assets to the Ethereum blockchain, splitting them across approximately 30 wallets and depositing the funds into various exchanges.
Though the Secret Network's token (SCRT) remained unaffected, its value has dropped 99% since its all-time high, currently priced at $0.058. Similarly, Axelar's token (AXL) has declined 98% from its peak, now trading at $0.045.
Axelar confirmed that the incident did not compromise its network or IBC (Inter-Blockchain Communication) system and clarified that the exploited contract was not associated with their platform.
![Stolen funds split into multiple wallets for obfuscation. Source: Common Prefix]