Secret Network Loses $4.67M to Infinite Mint Exploit

Secret Network Loses $4.67M to Infinite Mint Exploit — Cointelegraph.com News
Source: Cointelegraph.com News

An attacker exploited an 'infinite mint' bug in a Secret Network smart contract to create unbacked, wrapped versions of Axelar-wrapped assets, draining $4.67 million. The exploit occurred on June 10 and was discovered on June 17 after a failed cross-chain transaction triggered an 'insufficient funds' error, Common Prefix reported on Friday.

Because the contract did not verify the source of inbound transfers before minting, deposits forged over an attacker-controlled channel minted genuine saTokens with no assets backing them. The attacker then redeemed those Axelar-wrapped assets back through legitimate channels to drain the real assets held in escrow.

Tokens created without backing included saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB and sawstETH. The exploiter moved the proceeds to Ethereum, converted them to Ether, and split the funds among about 30 wallets before depositing into exchanges such as KuCoin, ChangeNow and HitBTC, Common Prefix said.

secret network, infinite mint, smart contract, axelar, wrapped assets, satokens, sausdt, saweth, escrow, kucoin