An attacker has used an “infinite mint” bug in a vulnerable smart contract on the Secret Network to create unbacked, wrapped versions of Axelar-wrapped assets, resulting in a $4.67 million exploit.
The exploit happened on June 10 but was discovered a week later on Wednesday, after a failed cross-chain transaction caused by an “insufficient funds” error in the drained account was detected, blockchain research firm Common Prefix reported on Friday.
The attacker redeemed the Axelar-wrapped assets (saTokens) back over legitimate channels to drain the real Axelar-wrapped assets held in escrow because the smart contract did not verify the source of the inbound transfer before minting, so “deposits forged over an attacker-controlled channel minted genuine saTokens with no assets backing them,” Common Prefix said.
You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.
Comments