Axelar Network Disables Secret Network IBC Bridge Following $4.67 Million Exploit

Axelar Network has taken decisive and immediate action to contain a significant security breach involving its Inter-Blockchain Communication (IBC) bridge with Secret Network. The incident resulted in the exploitation of approximately 4.67 million dollars worth of bridged assets, raising fresh concerns about the security of cross-chain infrastructure in the rapidly evolving blockchain ecosystem. The vulnerability was confined solely to a specific smart contract on the Secret Network side, with Axelar’s core protocol, validator network, and all other connections remaining fully secure and unaffected.

The vulnerability existed in a modified CW20-ICS20 token contract on Secret Network that handled wrapped versions of Axelar-bridged assets, including saUSDC, saUSDT, saWBTC, and others. These tokens were intended to offer privacy features through Secret’s SNIP-20 standard.

According to technical analysis, the attacker created a custom single-validator Cosmos SDK chain and opened a new IBC channel to the vulnerable contract. By sending forged deposit packets, they bypassed proper source channel and denomination path validation. This allowed the minting of unbacked wrapped tokens on Secret, which were later redeemed for real assets via the legitimate Axelar IBC channel.

The attack is believed to have occurred around June 10, 2026. Due to Secret Network’s privacy-by-default design, the incident went undetected for several days. The stolen funds were subsequently routed through Osmosis, bridged over to Ethereum, converted primarily into ETH, and distributed across multiple wallets.

Upon detection, Axelar’s emergency committee promptly disabled both the Secret and Secret-SNIP IBC connections to prevent any further losses. The team has notified major exchanges and law enforcement agencies and is collaborating with Secret Network on necessary contract upgrades and stronger validation measures before any potential reconnection.

Common Prefix, a key contributor to Axelar’s development, has published a detailed technical breakdown of the incident. Axelar emphasized the following:

• Its core protocol remained fully secure.
• No other chains, assets, or IBC connections were impacted.
• The issue was limited strictly to this specific bridge route.

The latest Axelar-Secret Network exploit reflects a broader trend of rising security incidents across the crypto industry in 2026. According to a recent report, crypto hacks in May 2026 alone surpassed $84 million, with bridge vulnerabilities and infrastructure weaknesses continuing to be among the most attractive targets for attackers.

This incident adds to the growing list of bridge-related exploits seen in recent years. According to the latest available industry reports, cross-chain bridge losses continue to represent a notable portion of overall crypto security incidents. While 2025 recorded a total of $3.218 billion in quantified crypto losses across 147 incidents, bridge protocols alone accounted for approximately $19.6 million across 5 documented events that year.

The Secret Network bridge exploit highlights persistent challenges in the interoperability space, particularly around permissionless IBC channel creation, thorough contract validation, and the trade-offs between privacy features and effective real-time security monitoring. Technical analysis shows that the vulnerable CW20-ICS20 contract had carried this flaw since its earlier versions, with a migration attempted in 2026 failing to fully close the verification gap.

• All other Axelar IBC connections and integrations continue to operate normally.
• Users who have assets bridged to Secret Network via Axelar should closely monitor official channels for updates and instructions.
• No action is required for users on other Axelar routes.

This event serves as a timely reminder of both the opportunities and risks in cross-chain interoperability. As the ecosystem grows, rigorous auditing, standardized security practices, and fast incident response will remain critical. Further updates from Axelar and Secret Network teams are expected in the coming days as investigations continue.