Skip to main content
Sign in
Alephium Bridge1 decision on this page

Audit log

Every state-changing event for Alephium Bridge: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-06-03 12:19:09Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 424,025,297
    sig
    2hb3t9Zpe9kn…qVHsXS4Cexplorer ↗
    hash
    8yq4ocrHdAby…8PLrNZMhsha256 → base58
    verifying row…full verify ↗
    canonical bytes (20596 B) ▸
    {"actor":"system:backfill","investigation_id":"022ba482-a658-49f4-bcbb-ff425eb9bc1b","kind":"publish","page_slug":"alephium-bridge","published_at":"2026-06-03T12:19:09.438Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Alephium Bridge","sections":[{"content":"The Alephium TokenBridge is a lock-and-mint cross-chain bridge built on a fork of the Wormhole open-source protocol. When a user sends tokens across chains, the originating chain locks them in a custody contract, and a guardian network validates the event by producing Verifiable Action Approvals (VAAs) — multisignature attestations that authorize minting of wrapped equivalents on the destination chain. Alephium's deployment launched with four guardians operating under a proof-of-authority model requiring a supermajority quorum (floor(4 x 2/3) + 1 = 3 signatures). This is a significantly smaller guardian set than the mainline Wormhole deployment, which uses 19 guardians with a 13-signature quorum. The four guardian operators at the time of the exploit were: Bity (a Swiss regulated crypto broker founded in 2014), Alt (formerly Altconomy, a Swiss financial intermediary founded in 2017), NoTrustVerify (a community infrastructure operator), and Alephium's own core team node. Alephium's official bridge documentation stated that guardians could not directly withdraw funds and that the strict VAA payload format made fabrication of fraudulent messages 'extremely difficult.'","heading":"Bridge Architecture and Guardian Network","severity":"medium","sources":[{"credibility":1,"name":"The Alephium Bridge — official Alephium blog post","type":"official","url":"https://alephium.org/news/post/the-alephium-bridge-a787d90b2e4a/"},{"credibility":2,"name":"Alephium Bridge Loses $815K to Forged Guardian Messages, Not Stolen Keys — The Defiant","type":"news_article","url":"https://thedefiant.io/news/hacks/alephium-bridge-815k-forged-guardian-messages"}]},{"content":"On May 30, 2026, the Alephium TokenBridge was exploited in a coordinated attack that lasted approximately seven minutes. According to on-chain analysis published by Alephium on June 3, 2026, the attack followed a multi-phase preparation sequence before the main drain. At approximately 02:36:23 UTC, the attacker purchased 485.19 wrapped ALPH (wALPH) on Ethereum via Uniswap using 0.01 ETH — a likely reconnaissance step. At approximately 06:30:47 UTC, the attacker deployed a contract containing a single function designed to emit fake Wormhole messages using the LOG7 opcode, simulating legitimate cross-chain events. Between 07:00 and 09:00 UTC, the bridge network reportedly experienced connection issues, causing the system to switch to backup checks — a period that may have been exploited or coincident with the attack preparation. The main drain occurred between approximately 09:16:59 and 09:17:59 UTC on Ethereum: USDT (200,967.31), WBTC (0.33531483), USDC (17,594.63), and WETH (5.18192421) were unlocked from custody. At 09:17:59 UTC, 13,757,076.37 wALPH were minted to the attacker on Ethereum with no corresponding ALPH locked on the Alephium chain — a sum exceeding the prior entire circulating wrapped supply of approximately 12.85 million. Seconds later, the BNB Chain side was drained of 36,750.106 USDT and 24.38620961 WBNB. The bridge was detected and flagged by blockchain security firm Blockaid, which alerted SEAL 911 (the Security Alliance's emergency response group). The bridge was subsequently shut down.","heading":"May 30, 2026 Exploit — Attack Sequence","severity":"critical","sources":[{"credibility":2,"name":"Bridge Breach Unpacked: Alephium Traces $815K Hack Step by Step — Crypto Times","type":"news_article","url":"https://www.cryptotimes.io/2026/06/03/bridge-breach-unpacked-alephium-traces-815k-hack-step-by-step/"},{"credibility":2,"name":"Alephium Bridge Exploited for $815K, 13.76M Unbacked ALPH Minted — Crypto Times","type":"news_article","url":"https://www.cryptotimes.io/2026/05/30/alephium-bridge-exploited-for-815k-13-76m-unbacked-alph-minted/"},{"credibility":2,"name":"$815K gone in 7 minutes — AMBCrypto","type":"news_article","url":"https://ambcrypto.com/815k-gone-in-7-minutes-inside-ethereums-alephium-tokenbridge-exploit/"}]},{"content":"The root cause of the exploit has been reported differently by different sources, and a factual discrepancy exists between early reporting and Alephium's official post-incident statement. Early reporting from Blockaid and outlets such as BeInCrypto and NullTX described the exploit as resulting from three compromised guardian private keys — specifically identifying the addresses 0x214f15…ad29, 0x78c7b8…7852, and 0x9efb0c…89a1 as the keys that signed six forged VAAs — with the fourth guardian key (0x4b2cbe…88fb) remaining uncompromised. Under this framing, guardians were signing over valid-looking data generated by the attacker's LOG7-based fake event contract; some sources described this as guardians 'signing valid signatures over invalid data.' Alephium's official subsequent statement, however, explicitly ruled out both a smart-contract vulnerability and direct private-key compromise. The team described the root cause as 'an off-chain vulnerability in the bridge backend that could be triggered in specific edge cases' and characterized the attack as involving forged malicious events or messages being 'observed and signed by guardians' rather than guardians' keys being stolen. The distinction is significant: the key-compromise framing implies the guardian operators' infrastructure was breached, while the off-chain backend framing implies a flaw in the bridge's event-observation layer that caused guardians to attest to fraudulent messages they perceived as legitimate. As of June 3, 2026, the full technical postmortem had not yet been published, and independent verification of the precise root cause was not available.","heading":"Root Cause — Disputed Explanation","severity":"critical","sources":[{"credibility":2,"name":"Alephium Reveals Cause of $815K Bridge Exploit, Promises Compensation — Crypto Times","type":"news_article","url":"https://www.cryptotimes.io/2026/05/30/alephium-reveals-cause-of-815k-bridge-exploit-promises-compensation/"},{"credibility":2,"name":"Fake Bridge Messages Let Hacker Drain $815,000 From Alephium — BeInCrypto","type":"news_article","url":"https://beincrypto.com/alephium-bridge-exploit-forged-messages/"},{"credibility":2,"name":"Alephium Bridge Loses $815K to Forged Guardian Messages, Not Stolen Keys — The Defiant","type":"news_article","url":"https://thedefiant.io/news/hacks/alephium-bridge-815k-forged-guardian-messages"},{"credibility":2,"name":"Alephium Bridge Hacked for $815,000 — NullTX","type":"news_article","url":"https://nulltx.com/alephium-bridge-hacked-for-815000-in-7-minutes-as-compromised-guardian-keys-enable-forged-token-transfers/"}]},{"content":"Total assets drained from the bridge custody contracts across both Ethereum and BNB Chain amounted to approximately $815,000, with an additional 13,757,076.37 wALPH minted without backing. The Ethereum-side drain comprised 200,967.31 USDT, 17,594.63 USDC, 0.33531483 WBTC, and 5.18192421 WETH. The BNB Chain side lost 36,750.106 USDT and 24.38620961 WBNB. Post-theft, the attacker converted stablecoins to ETH via Uniswap X and converted WBTC to ETH. Approximately 400,000 of the fraudulently minted wALPH were pushed into Uniswap and PancakeSwap liquidity pools before Alephium issued its warning to withdraw liquidity; approximately 1,000,000 wALPH were moved to a holding wallet. BNB Chain proceeds were converted to BNB via PancakeSwap and then bridged to Ethereum via deBridge. A portion of the proceeds was subsequently routed through Tornado Cash in an apparent laundering step. The ALPH held within the bridge on the Alephium native chain was not drained and was described by the team as recoverable.","heading":"Stolen Assets and Fund Movement","severity":"critical","sources":[{"credibility":2,"name":"Bridge Breach Unpacked: Alephium Traces $815K Hack Step by Step — Crypto Times","type":"news_article","url":"https://www.cryptotimes.io/2026/06/03/bridge-breach-unpacked-alephium-traces-815k-hack-step-by-step/"},{"credibility":2,"name":"Alephium warns to withdraw liquidity until further notice — Bitget News","type":"news_article","url":"https://www.bitget.com/asia/amp/news/detail/12560605436315"}]},{"content":"Alephium shut the bridge down immediately following detection and issued a public warning urging all liquidity providers to withdraw funds from Uniswap and PancakeSwap pools involving wALPH and bridged assets until further notice. On June 2, 2026, the bridge team and guardians executed a governance upgrade action using the upgrade(bytes encodedVM) function (method ID 0x25394645) to burn fraudulently minted wALPH. A total of 13,257,077.37295 wALPH were destroyed across attacker wallets, representing approximately 96.4% of the fabricated supply. The remaining roughly 500,000 wALPH could not be recovered because they had already entered secondary trading pools before the bridge was paused. Alephium publicly thanked Blockaid for first detecting the exploit and SEAL 911 for emergency assistance. Alephium committed to making affected users whole, stating its objective was full compensation, while acknowledging the process may take time. A full technical postmortem and details of the recovery process for users with native ALPH locked in the bridge were scheduled for publication the week of June 2, 2026. As of June 3, 2026, that postmortem had not yet been released.","heading":"Response and Remediation","severity":"high","sources":[{"credibility":2,"name":"Alephium Reveals Cause of $815K Bridge Exploit, Promises Compensation — Crypto Times","type":"news_article","url":"https://www.cryptotimes.io/2026/05/30/alephium-reveals-cause-of-815k-bridge-exploit-promises-compensation/"},{"credibility":2,"name":"Bridge Breach Unpacked: Alephium Traces $815K Hack Step by Step — Crypto Times","type":"news_article","url":"https://www.cryptotimes.io/2026/06/03/bridge-breach-unpacked-alephium-traces-815k-hack-step-by-step/"},{"credibility":2,"name":"Alephium TokenBridge Hit By $815K Ethereum Exploit After Forged VAA Attack — CryptoAdventure","type":"news_article","url":"https://cryptoadventure.com/alephium-tokenbridge-hit-by-815k-ethereum-exploit-after-forged-vaa-attack/"}]},{"content":"Several structural characteristics of the Alephium bridge architecture elevated its risk profile relative to comparable deployments. First, a four-guardian quorum requiring only three signatures (3-of-4) presents a significantly lower attack surface threshold than the mainline Wormhole deployment's 13-of-19 model — a single additional guardian compromise beyond the minimum tolerable fault is sufficient to breach the system. Second, the bridge relied on proof-of-authority guardians rather than a permissionless or economically bonded validator set, concentrating security trust in a small number of named organizations. Third, the alleged off-chain backend vulnerability — whatever its precise nature — indicates that the system's security perimeter extended beyond the on-chain smart contracts, meaning audits of the on-chain code alone were insufficient to characterize total risk. The bridge's own documentation had described VAA fabrication as 'extremely difficult,' a claim that the exploit directly contradicted regardless of whether the attack vector was key compromise or event forgery.","heading":"Structural Risk Factors","severity":"high","sources":[{"credibility":1,"name":"The Alephium Bridge — official Alephium blog post","type":"official","url":"https://alephium.org/news/post/the-alephium-bridge-a787d90b2e4a/"},{"credibility":2,"name":"Alephium TokenBridge Exploit Exposes Off-Chain Bridge Risk After $815K Loss — Turkish NY Radio","type":"news_article","url":"https://www.turkishnyradio.com/alephium-tokenbridge-exploit-exposes-off-chain-bridge-risk-after-815k-loss"}]},{"content":"The Alephium bridge exploit occurred in a period of elevated cross-chain bridge incidents in 2026. Security researchers have noted that bridges remain among the highest-risk surfaces in DeFi due to their custody of locked assets and reliance on off-chain message-validation infrastructure. The Alephium incident followed a larger exploit of KelpDAO's LayerZero bridge (alleged losses of approximately $292 million) and the Drift Protocol incident in April 2026. The Alephium case specifically illustrates the risk of small guardian sets in Wormhole-derived bridge architectures, a concern that security researchers had previously identified as a systemic weakness in custom Wormhole forks relative to the canonical deployment.","heading":"Broader Context — Bridge Security in 2026","severity":"medium","sources":[{"credibility":2,"name":"$340M Lost: 14 Crypto Hacks 2026 Targeting Bridges — CoinGabbar","type":"news_article","url":"https://www.coingabbar.com/en/crypto-currency-news/crypto-hacks-2026-14-bridge-attacks-security-concerns"},{"credibility":2,"name":"Bridge Breach Unpacked: Alephium Traces $815K Hack Step by Step — Crypto Times","type":"news_article","url":"https://www.cryptotimes.io/2026/06/03/bridge-breach-unpacked-alephium-traces-815k-hack-step-by-step/"}]}],"sources_used":[{"credibility":2,"name":"Alephium Bridge Loses $815K to Forged Guardian Messages, Not Stolen Keys — The Defiant","type":"news_article","url":"https://thedefiant.io/news/hacks/alephium-bridge-815k-forged-guardian-messages"},{"credibility":2,"name":"Bridge Breach Unpacked: Alephium Traces $815K Hack Step by Step — Crypto Times","type":"news_article","url":"https://www.cryptotimes.io/2026/06/03/bridge-breach-unpacked-alephium-traces-815k-hack-step-by-step/"},{"credibility":2,"name":"Alephium Bridge Exploited for $815K, 13.76M Unbacked ALPH Minted — Crypto Times","type":"news_article","url":"https://www.cryptotimes.io/2026/05/30/alephium-bridge-exploited-for-815k-13-76m-unbacked-alph-minted/"},{"credibility":2,"name":"Alephium Reveals Cause of $815K Bridge Exploit, Promises Compensation — Crypto Times","type":"news_article","url":"https://www.cryptotimes.io/2026/05/30/alephium-reveals-cause-of-815k-bridge-exploit-promises-compensation/"},{"credibility":2,"name":"Fake Bridge Messages Let Hacker Drain $815,000 From Alephium — BeInCrypto","type":"news_article","url":"https://beincrypto.com/alephium-bridge-exploit-forged-messages/"},{"credibility":2,"name":"$815K gone in 7 minutes — Inside Ethereum's Alephium TokenBridge exploit — AMBCrypto","type":"news_article","url":"https://ambcrypto.com/815k-gone-in-7-minutes-inside-ethereums-alephium-tokenbridge-exploit/"},{"credibility":2,"name":"Alephium TokenBridge Hit By $815K Ethereum Exploit After Forged VAA Attack — CryptoAdventure","type":"news_article","url":"https://cryptoadventure.com/alephium-tokenbridge-hit-by-815k-ethereum-exploit-after-forged-vaa-attack/"},{"credibility":2,"name":"Alephium Bridge Hacked for $815,000 in 7 Minutes — NullTX","type":"news_article","url":"https://nulltx.com/alephium-bridge-hacked-for-815000-in-7-minutes-as-compromised-guardian-keys-enable-forged-token-transfers/"},{"credibility":2,"name":"Alephium warns to withdraw liquidity until further notice — Bitget News","type":"news_article","url":"https://www.bitget.com/asia/amp/news/detail/12560605436315"},{"credibility":2,"name":"Alephium TokenBridge Exploit Exposes Off-Chain Bridge Risk After $815K Loss — Turkish NY Radio","type":"news_article","url":"https://www.turkishnyradio.com/alephium-tokenbridge-exploit-exposes-off-chain-bridge-risk-after-815k-loss"},{"credibility":1,"name":"The Alephium Bridge — official Alephium blog post","type":"official","url":"https://alephium.org/news/post/the-alephium-bridge-a787d90b2e4a/"},{"credibility":2,"name":"Alephium TokenBridge Hacked: $815,000 Stolen — Phemex News","type":"news_article","url":"https://phemex.com/news/article/alephium-tokenbridge-hacked-815000-in-assets-stolen-86934"},{"credibility":2,"name":"$340M Lost: 14 Crypto Hacks 2026 Targeting Bridges — CoinGabbar","type":"news_article","url":"https://www.coingabbar.com/en/crypto-currency-news/crypto-hacks-2026-14-bridge-attacks-security-concerns"}],"summary":"The Alephium TokenBridge is a Wormhole-fork cross-chain bridge linking the Alephium blockchain to Ethereum and BNB Chain. On May 30, 2026, the bridge was exploited for approximately $815,000 in locked assets, and 13.76 million unbacked wrapped ALPH tokens were minted on Ethereum; the attack completed in roughly seven minutes. Alephium has taken the bridge offline, pledged user compensation, and executed a partial governance burn of fraudulently minted tokens, but the underlying root cause — described by the team as an off-chain backend vulnerability — remains disputed against earlier reports of direct guardian key compromise.","timeline":[{"date":"2021-11-08","event":"Alephium mainnet launched. ALPH token total supply capped at 1 billion; 140 million minted at genesis.","source":"CoinMarketCap / Alephium documentation","source_url":"https://coinmarketcap.com/currencies/alephium/"},{"date":"2026-05-30","event":"At approximately 02:36:23 UTC, attacker purchased 485.19 wALPH on Ethereum via Uniswap for 0.01 ETH — identified as preparation for the exploit.","source":"Bridge Breach Unpacked — Crypto Times","source_url":"https://www.cryptotimes.io/2026/06/03/bridge-breach-unpacked-alephium-traces-815k-hack-step-by-step/"},{"date":"2026-05-30","event":"At approximately 06:30:47 UTC, attacker deployed a contract with a fake Wormhole message function using the LOG7 opcode.","source":"Bridge Breach Unpacked — Crypto Times","source_url":"https://www.cryptotimes.io/2026/06/03/bridge-breach-unpacked-alephium-traces-815k-hack-step-by-step/"},{"date":"2026-05-30","event":"Between 07:00 and 09:00 UTC, bridge network experienced connection issues and switched to backup checks.","source":"Bridge Breach Unpacked — Crypto Times","source_url":"https://www.cryptotimes.io/2026/06/03/bridge-breach-unpacked-alephium-traces-815k-hack-step-by-step/"},{"date":"2026-05-30","event":"At 09:16:59 UTC, main Ethereum drain began. USDT (200,967.31), WBTC (0.33531483), USDC (17,594.63), and WETH (5.18192421) unlocked from custody over approximately 60 seconds. At 09:17:59 UTC, 13,757,076.37 wALPH minted without backing.","source":"Bridge Breach Unpacked — Crypto Times","source_url":"https://www.cryptotimes.io/2026/06/03/bridge-breach-unpacked-alephium-traces-815k-hack-step-by-step/"},{"date":"2026-05-30","event":"BNB Chain side drained of 36,750.106 USDT and 24.38620961 WBNB seconds after the Ethereum drain. Total custody losses approximately $815,000.","source":"Alephium Bridge Exploited for $815K — Crypto Times","source_url":"https://www.cryptotimes.io/2026/05/30/alephium-bridge-exploited-for-815k-13-76m-unbacked-alph-minted/"},{"date":"2026-05-30","event":"Blockaid first detected and flagged the exploit. SEAL 911 emergency security response group was notified. Alephium shut the bridge down and issued a public warning urging liquidity withdrawal from Uniswap and PancakeSwap.","source":"Alephium Reveals Cause of $815K Bridge Exploit — Crypto Times","source_url":"https://www.cryptotimes.io/2026/05/30/alephium-reveals-cause-of-815k-bridge-exploit-promises-compensation/"},{"date":"2026-05-30","event":"Alephium issued official statement attributing the exploit to 'an off-chain vulnerability in the bridge backend,' explicitly ruling out smart-contract bugs and guardian key compromise. Pledged full compensation for affected users.","source":"Alephium Reveals Cause of $815K Bridge Exploit — Crypto Times","source_url":"https://www.cryptotimes.io/2026/05/30/alephium-reveals-cause-of-815k-bridge-exploit-promises-compensation/"},{"date":"2026-06-02","event":"Alephium and guardians executed governance upgrade (method ID 0x25394645) to burn fraudulently minted wALPH. 13,257,077.37295 wALPH destroyed (~96.4% of the fake supply). Approximately 500,000 wALPH in trading pools could not be recovered.","source":"Bridge Breach Unpacked — Crypto Times","source_url":"https://www.cryptotimes.io/2026/06/03/bridge-breach-unpacked-alephium-traces-815k-hack-step-by-step/"},{"date":"2026-06-03","event":"Alephium published on-chain step-by-step breakdown of the exploit sequence. Full technical postmortem and compensation plan details not yet released as of this date.","source":"Bridge Breach Unpacked — Crypto Times","source_url":"https://www.cryptotimes.io/2026/06/03/bridge-breach-unpacked-alephium-traces-815k-hack-step-by-step/"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 324941ae-9e10-43a0-868a-87f3f8d14040
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.