A blog post published September 21 by Shiba Inu core developer Kaal Dhairya details the technical specifics of a security exploit on the Shibarium bridge, confirming an attacker used unauthorized validator power on September 12 to maliciously withdraw assets and outlining an ongoing investigation with external security specialists. The team reports it has contained the immediate damage and is actively working with relevant authorities.
Key Points:
- An attacker used compromised validator signing power to push a malicious exit through the Proof-of-Stake bridge on September 12.
- Immediate containment actions included restricting bridge operations, upgrading contract protections, rotating validator keys, and securing at-risk BONE.
- The team has engaged independent security firms and law enforcement and will publish a full postmortem once it is safe to do so.
Incident Details Revealed
According to the latest blog, the Shibarium bridge exploit occurred at 18:44 UTC on September 12. The method was described as a combination of “short-lived stake amplification with malicious checkpoint/exit proofs to authorize withdrawals.” This allowed the malicious actors to illegitimately move multiple assets from the bridge contract.
Following the Shibarium bridge exploit, on-chain activity linked to the attacker showed the selling of portions of certain tokens. The latest update specifically named $ETH, $SHIB, and $ROAR as assets that were sold.
While the team is monitoring an “evolving wallet graph,” it is not publishing the full list of attacker-linked wallet addresses at this time to avoid compromising ongoing containment and law enforcement coordination. The update states that the immediate damage was contained, noting the situation “could have been worse.”
Immediate Defensive Actions
Dhairya’s latest update also provides a detailed list of containment measures that the Shiba Inu core development team executed immediately following the incident. These actions were broken down into several categories.
- Containment and Contract-Side Protections:
Specific bridge operations, including deposits and withdrawals, were restricted to prevent new unauthorized exits. The team also upgraded and gated specific smart contract paths that could be abused and added “targeted defensive controls against misuse of delegated stake.”
- Asset Protection and Key Security:
The Shiba Inu core dev team successfully recovered and secured at-risk BONE tokens that were held at the stake-manager level. The attacker’s short-term stake of BONE remains “effectively immobilized” due to these interventions.
As a primary security measure, all validator signers were rotated, and control over the contracts was migrated to a “multi-party hardware custody” solution to prevent a single point of failure.
The Shiba Inu core developer also confirmed that the team has engaged independent security researchers, incident-response firms, and relevant authorities. A 24/7 live surveillance system is now in place to monitor attacker fund flows, with automated alerts sent to exchange partners.
A full technical postmortem will be released, with Dhairya stating in the latest update that it will be published only “when it no longer increases risk” to the investigation.
Yona has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Daily is an official media and publication of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
