Skip to main content
Sign in
Namada Protocol — MASP IBC Transfer Logic Exploit (June 19 2026)1 decision on this page

Audit log

Every state-changing event for Namada Protocol — MASP IBC Transfer Logic Exploit (June 19 2026): moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-06-21 12:19:15Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 427,939,754
    sig
    B6xbQhMbTXrK…Y7sHQADwexplorer ↗
    hash
    GxHey7HYPbH9…m3o6RE1qsha256 → base58
    verifying row…full verify ↗
    canonical bytes (14330 B) ▸
    {"actor":"system:backfill","investigation_id":"d47a5d73-afd6-40e8-9b9d-c0b907a1f5f1","kind":"publish","page_slug":"namada-protocol-masp-ibc-transfer-logic-exploit-june-19-2026","published_at":"2026-06-21T12:19:15.376Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Namada Protocol — MASP IBC Transfer Logic Exploit (June 19 2026)","sections":[{"content":"On June 19, 2026, an attacker exploited a flaw in Namada Protocol's IBC transfer logic to drain the Multi-Asset Shielded Pool (MASP) of approximately $600,000 in assets. The assets affected included ATOM, USDC, OSMO, TIA, NYM, and other Cosmos IBC-bridged tokens. According to reporting by CryptoTimes and independent security firm F12, the attacker targeted liquid assets that could be moved across the Cosmos ecosystem, leaving behind staked and less liquid holdings. DefiLlama's hacks database classified the event as a Protocol Logic incident. This is the first publicly disclosed exploit of Namada's shielded pool infrastructure since the protocol's mainnet launched on December 3, 2024.","heading":"Incident Overview","severity":"critical","sources":[{"credibility":2,"name":"Namada's $600K MASP Drain Goes Unnoticed as Stale Indexer Masks the Loss — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/20/namadas-600k-masp-drain-goes-unnoticed-as-stale-indexer-masks-the-loss/"},{"credibility":2,"name":"Namada Investigates Protocol Exploit Amid Security Review — CoinTrust","type":"news_article","url":"https://www.cointrust.com/market-news/namada-investigates-protocol-exploit-amid-security-review"},{"credibility":2,"name":"SlowMist Hacked — DeFi Exploits Database","type":"research","url":"https://hacked.slowmist.io/"},{"credibility":2,"name":"DefiLlama Hacks Database","type":"research","url":"https://defillama.com/hacks"}]},{"content":"The attack vector was classified as an IBC Transfer Logic Exploit — a flaw in the protocol logic governing how shielded assets are processed via Inter-Blockchain Communication (IBC) transfers, rather than a conventional smart contract bug. Namada's MASP is built on a Sapling-derived zero-knowledge circuit and supports shielded IBC, which enables privacy-preserving cross-chain asset transfers within the Cosmos ecosystem. The exploit targeted this interface. Security firm F12 identified that approximately 228,517 ATOM were transferred via IBC to the address cosmos1zw9weagzm2w4ud6w3ql7m7rvzpxhvkpt8kk4ff, which then rapidly emptied them through further IBC transfers and on-chain sends within hours, leaving only dust. The specific vulnerability in the transfer logic had not been publicly disclosed by Namada's development team as of the investigation date, consistent with standard practice of withholding technical details during an active investigation.","heading":"Attack Vector: IBC Transfer Logic Exploit","severity":"critical","sources":[{"credibility":2,"name":"Namada's $600K MASP Drain Goes Unnoticed as Stale Indexer Masks the Loss — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/20/namadas-600k-masp-drain-goes-unnoticed-as-stale-indexer-masks-the-loss/"},{"credibility":1,"name":"Namada Documentation — Shielded IBC","type":"official","url":"https://docs.namada.net/users/ibc/shielded-ibc"},{"credibility":1,"name":"Namada Specs — IBC Integration","type":"official","url":"https://specs.namada.net/modules/ibc"}]},{"content":"A critical secondary dimension of the incident is the role of a stale chain indexer in masking the exploit. Following the drain, Namada's block explorer and data indexing infrastructure continued displaying the drained token balances as available in the MASP, while live RPC queries against the actual network returned zero balances for ATOM, USDC, OSMO, TIA, and NYM. The discrepancy was not surfaced by automated monitoring but was instead identified by independent analysts who cross-referenced block explorer data against live RPC node responses. According to CryptoTimes reporting, F12 published wallet addresses, network endpoints, and other on-chain data to support independent verification of its findings. This indexer desync delayed detection and response, and raised broader questions about the reliability of privacy-chain monitoring infrastructure when shielded pool states change suddenly. The TVL displayed on DefiLlama's Namada Shielded Pools tracker reportedly dropped from approximately $600,000 to near zero following the discovery.","heading":"Stale Indexer and Delayed Detection","severity":"high","sources":[{"credibility":2,"name":"Namada's $600K MASP Drain Goes Unnoticed as Stale Indexer Masks the Loss — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/20/namadas-600k-masp-drain-goes-unnoticed-as-stale-indexer-masks-the-loss/"},{"credibility":2,"name":"Namada Shielded Pools TVL Stats — DefiLlama","type":"on_chain","url":"https://defillama.com/protocol/namada-shielded-pools"}]},{"content":"Namada is a proof-of-stake Layer 1 blockchain built by Heliax as the first fractal instance of the Anoma protocol. Its primary value proposition is asset-agnostic privacy via the Multi-Asset Shielded Pool (MASP), a Sapling-derived zero-knowledge circuit that allows multiple asset types — fungible tokens, NFTs, and interchain assets — to share a unified privacy set. The NAM token powers network security, governance, and transaction fee payments. Namada is built on the Cosmos SDK and is IBC-compatible, enabling shielded cross-chain transfers with other Cosmos ecosystem chains. The protocol's mainnet launched on December 3, 2024, following a multi-phase governance-coordinated rollout announced in April 2024. Namada's stated security program, administered through the Anoma Foundation, offers bug bounties of up to CHF 100,000 for critical vulnerabilities, with contact at security@anoma.foundation.","heading":"Namada Protocol Background","severity":"medium","sources":[{"credibility":2,"name":"Namada Launches Mainnet — CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/press-releases/namada-launches-mainnet-introducing-shielded-crosschain-transactions"},{"credibility":1,"name":"Namada Mainnet Launch — Official","type":"official","url":"https://namada.net/mainnet-launch"},{"credibility":1,"name":"Namada Security Program","type":"official","url":"https://namada.net/security"},{"credibility":2,"name":"Namada Tokenomics: NAM Staking and Privacy Features — Figment","type":"research","url":"https://www.figment.io/insights/namada-tokenomics-a-guide-to-nam-staking-rewards-and-privacy-features/"}]},{"content":"Following the exploit, Namada's development team issued a statement confirming the incident: 'There's been an exploit in the Namada protocol. We are investigating the issue and are involving the relevant parties.' The team also appealed to the responsible party to make contact: 'If you are the white hat hacker behind this exploit, please get in touch with us.' The development team stated it was collaborating with security partners and Cosmos ecosystem validators on containment measures. As of June 21, 2026, no recovery timeline had been announced, no user compensation plan had been detailed, and the specific vulnerability had not been publicly disclosed. CoinTrust noted that the project had not confirmed whether all affected assets were user funds or whether partial recovery was possible. The investigation remained ongoing at the time of this report.","heading":"Namada's Response and Investigation Status","severity":"high","sources":[{"credibility":2,"name":"Namada Investigates Protocol Exploit Amid Security Review — CoinTrust","type":"news_article","url":"https://www.cointrust.com/market-news/namada-investigates-protocol-exploit-amid-security-review"},{"credibility":2,"name":"Namada's $600K MASP Drain Goes Unnoticed as Stale Indexer Masks the Loss — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/20/namadas-600k-masp-drain-goes-unnoticed-as-stale-indexer-masks-the-loss/"}]},{"content":"The exploit carries particular significance for a privacy-first protocol because the MASP is Namada's core value proposition. Users who bridge assets into the shielded pool do so with an expectation of both privacy and security. A protocol logic flaw at the IBC shielding boundary directly undermines both guarantees simultaneously: the exploit demonstrated that assets could be drained from the shielded pool via the cross-chain transfer pathway itself. Additionally, the stale indexer problem raises concerns specific to privacy chains, where the opacity of shielded state can compound the difficulty of detecting anomalies. Standard DeFi monitoring approaches — watching on-chain balances via block explorers — failed to surface the drain in real time. Users relying on Namada's shielded IBC functionality for active asset custody should treat the protocol as carrying elevated risk until a complete postmortem and patch have been published and independently reviewed.","heading":"Implications for Privacy Protocol Users","severity":"critical","sources":[{"credibility":2,"name":"Namada's $600K MASP Drain Goes Unnoticed as Stale Indexer Masks the Loss — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/20/namadas-600k-masp-drain-goes-unnoticed-as-stale-indexer-masks-the-loss/"},{"credibility":1,"name":"Namada Documentation — The MASP","type":"official","url":"https://docs.namada.net/users/shielded-accounts"}]}],"sources_used":[{"credibility":2,"name":"Namada's $600K MASP Drain Goes Unnoticed as Stale Indexer Masks the Loss — CryptoTimes","type":"news_article","url":"https://www.cryptotimes.io/2026/06/20/namadas-600k-masp-drain-goes-unnoticed-as-stale-indexer-masks-the-loss/"},{"credibility":2,"name":"Namada Investigates Protocol Exploit Amid Security Review — CoinTrust","type":"news_article","url":"https://www.cointrust.com/market-news/namada-investigates-protocol-exploit-amid-security-review"},{"credibility":2,"name":"SlowMist Hacked — DeFi Exploits Database","type":"research","url":"https://hacked.slowmist.io/"},{"credibility":2,"name":"DefiLlama Hacks Database","type":"research","url":"https://defillama.com/hacks"},{"credibility":2,"name":"Namada Shielded Pools TVL Stats — DefiLlama","type":"on_chain","url":"https://defillama.com/protocol/namada-shielded-pools"},{"credibility":1,"name":"Namada Mainnet Launch — Official","type":"official","url":"https://namada.net/mainnet-launch"},{"credibility":1,"name":"Namada Security Program","type":"official","url":"https://namada.net/security"},{"credibility":1,"name":"Namada Documentation — Shielded IBC","type":"official","url":"https://docs.namada.net/users/ibc/shielded-ibc"},{"credibility":1,"name":"Namada Specs — IBC Integration","type":"official","url":"https://specs.namada.net/modules/ibc"},{"credibility":1,"name":"Namada Specs — MASP","type":"official","url":"https://specs.namada.net/masp.html"},{"credibility":2,"name":"Namada Launches Mainnet — CoinTelegraph","type":"news_article","url":"https://cointelegraph.com/press-releases/namada-launches-mainnet-introducing-shielded-crosschain-transactions"},{"credibility":2,"name":"Namada Tokenomics: NAM Staking and Privacy Features — Figment","type":"research","url":"https://www.figment.io/insights/namada-tokenomics-a-guide-to-nam-staking-rewards-and-privacy-features/"}],"summary":"On June 19, 2026, Namada Protocol's Multi-Asset Shielded Pool (MASP) was drained of approximately $600,000 in IBC-bridged assets including ATOM, USDC, OSMO, TIA, and NYM via an IBC Transfer Logic Exploit. The attack went undetected for a material period because a stale chain indexer continued displaying the drained balances as available, while live RPC queries showed zero; the discrepancy was first identified by independent security researchers at F12. Namada confirmed the exploit and issued an appeal to the responsible party to contact them, but as of the investigation date had not disclosed the specific vulnerability, recovery status, or a comprehensive postmortem.","timeline":[{"date":"2024-12-03","event":"Namada Protocol mainnet launched via a community-coordinated genesis event involving over 180 independent validators.","source":"CoinTelegraph / Namada Official","source_url":"https://cointelegraph.com/press-releases/namada-launches-mainnet-introducing-shielded-crosschain-transactions"},{"date":"2026-06-18","event":"Alleged beginning of exploit window. The attacker began draining IBC-bridged assets from Namada's MASP via IBC Transfer Logic Exploit, according to CryptoTimes reporting citing F12.","source":"CryptoTimes","source_url":"https://www.cryptotimes.io/2026/06/20/namadas-600k-masp-drain-goes-unnoticed-as-stale-indexer-masks-the-loss/"},{"date":"2026-06-19","event":"Approximately $600,000 in assets (ATOM, USDC, OSMO, TIA, NYM and others) confirmed drained from Namada's MASP. Stale indexer continued showing balances intact; live RPC queries showed zero. Independent security researchers at F12 detected the discrepancy by cross-referencing data sources. Attacker IBC-transferred approximately 228,517 ATOM to address cosmos1zw9weagzm2w4ud6w3ql7m7rvzpxhvkpt8kk4ff, which rapidly emptied further via IBC sends.","source":"CryptoTimes / SlowMist Hacked","source_url":"https://www.cryptotimes.io/2026/06/20/namadas-600k-masp-drain-goes-unnoticed-as-stale-indexer-masks-the-loss/"},{"date":"2026-06-20","event":"CryptoTimes published detailed reporting on the MASP drain, including the stale indexer masking mechanism and F12's on-chain findings. DefiLlama recorded the event in its hacks database as a $600,000 Protocol Logic exploit.","source":"CryptoTimes","source_url":"https://www.cryptotimes.io/2026/06/20/namadas-600k-masp-drain-goes-unnoticed-as-stale-indexer-masks-the-loss/"},{"date":"2026-06-21","event":"Namada team confirmed the exploit publicly, stating: 'There's been an exploit in the Namada protocol. We are investigating the issue and are involving the relevant parties.' Team appealed to 'white hat hacker' to make contact. CoinTrust reported investigation ongoing; no recovery timeline or specific vulnerability disclosure made.","source":"CoinTrust","source_url":"https://www.cointrust.com/market-news/namada-investigates-protocol-exploit-amid-security-review"}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision c25cf351-31b7-4dc0-914b-d5b84ad1ea61
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.