Audit log

Every state-changing event for Secret Network / Axelar IBC Bridge Exploit (June 2026): moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-06-20 12:03:50Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 427,719,876

   sig

   3estdqBXzgyi…KGmjPs3ycopyexplorer ↗

   hash

   6rechLCGAK5v…y7hjzF56copysha256 → base58

   verifying row…full verify ↗

   canonical bytes (15709 B) ▸

   {"actor":"system:backfill","investigation_id":"5657dc68-5552-4875-b171-1b523739fb99","kind":"publish","page_slug":"secret-network-axelar-ibc-bridge-exploit-june-2026","published_at":"2026-06-20T12:03:50.510Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Secret Network / Axelar IBC Bridge Exploit (June 2026)","sections":[{"content":"The vulnerability resided in a modified CW20-ICS20 token contract on Secret Network responsible for handling wrapped versions of assets bridged from Axelar, including saUSDC, saUSDT, saWBTC, and additional SNIP-20 standard tokens. The contract failed to verify which IBC channel an incoming deposit packet arrived through; it matched only the token denomination name against an approved list, not the source channel or connection path. An attacker exploited this by spinning up a custom single-validator Cosmos SDK chain, opening a new IBC channel directly to the vulnerable contract, and transmitting forged ICS-20 deposit packets. This allowed the unbacked minting of wrapped saTokens on Secret Network, which were subsequently redeemed for legitimate bridged assets through the authorized Axelar IBC channel, draining the escrow. The primary victim contract identified by investigators is secret1yxjmepvyl2c25vnt53cr2dpn8amknwausxee83, one of the verified gateways for channels 60 and 61 on the axelar-dojo-1 connection. Related contracts secret1nvytjz7t5wakf0ra5y47dfenatwxpggmkwc5ru and secret1e2lwttdwnpxpg6hudplfl54pdx4404nm54mj8r were also identified. The vulnerability is alleged to have existed unpatched since 2023.","heading":"Exploit Mechanism","severity":"critical","sources":[{"credibility":2,"name":"$4.67M Exploit Hits Axelar-Secret Network Bridge, Links Disabled","type":"news_article","url":"https://www.cryptotimes.io/2026/06/19/4-67m-exploit-hits-axelar-secret-network-bridge-links-disabled/"},{"credibility":2,"name":"Secret Network Bridge Exploit Drains $4.67M From Axelar Link","type":"news_article","url":"https://www.banklesstimes.com/articles/2026/06/20/secret-network-bridge-exploit-drains-4-67m-from-axelar-link/"},{"credibility":2,"name":"Axelar Cuts Secret Network Links After $4.67M IBC Asset Drain","type":"news_article","url":"https://cryptoadventure.com/axelar-cuts-secret-network-links-after-4-67m-ibc-asset-drain/"}]},{"content":"The attack is reported to have begun on June 10, 2026, but was not detected until June 17, 2026, a gap of seven days. Secret Network's privacy-by-default architecture, which encrypts transaction details and balances at the protocol level via confidential computing, meant that anomalous minting activity was not visible in standard on-chain monitoring. Axelar reportedly discovered the discrepancy only when a routine cross-chain transfer failed because the escrow account no longer held sufficient tokens. Investigators then traced the shortfall to seven anomalous transactions dated June 10, 2026. The combination of an unverified IBC channel and encrypted on-chain state is cited across multiple sources as the primary reason the exploit persisted undetected for nearly a week.","heading":"Detection Delay and Privacy Obfuscation","severity":"high","sources":[{"credibility":2,"name":"$4.67M Exploit Hits Axelar-Secret Network Bridge, Links Disabled","type":"news_article","url":"https://www.cryptotimes.io/2026/06/19/4-67m-exploit-hits-axelar-secret-network-bridge-links-disabled/"},{"credibility":2,"name":"Axelar shuts down Secret Network bridge routes after $4.7M exploit","type":"news_article","url":"https://crypto.news/axelar-shuts-down-secret-network-bridge-routes-after-4-7m-exploit/"}]},{"content":"Following the exploit, the attacker routed stolen assets through Osmosis, a Cosmos-ecosystem decentralized exchange, then bridged them to Ethereum. On Ethereum, the assets were swapped for ETH via CoW Protocol and split across approximately 30 wallets. The funds were subsequently deposited across three centralized exchanges: KuCoin, ChangeNow, and HitBTC. Axelar confirmed it contacted relevant exchanges and law enforcement agencies to support asset tracing. No public confirmation of frozen or recovered funds had been reported as of June 20, 2026.","heading":"Fund Movement and Laundering","severity":"high","sources":[{"credibility":2,"name":"Secret Network Bridge Exploit Drains $4.67M From Axelar Link","type":"news_article","url":"https://www.banklesstimes.com/articles/2026/06/20/secret-network-bridge-exploit-drains-4-67m-from-axelar-link/"},{"credibility":2,"name":"$4.67M Exploit Hits Axelar-Secret Network Bridge, Links Disabled","type":"news_article","url":"https://www.cryptotimes.io/2026/06/19/4-67m-exploit-hits-axelar-secret-network-bridge-links-disabled/"}]},{"content":"Upon detecting the exploit on June 17, 2026, Axelar's emergency committee disabled both the Secret and Secret-SNIP IBC connections. Axelar issued a public statement: 'This incident is isolated to assets on Secret that were bridged over IBC from Axelar. No other Axelar integrations or IBC connections appear to be impacted.' The protocol stated its core validator network and broader interoperability stack were unaffected. Axelar also indicated it was coordinating with relevant exchanges and law enforcement agencies. A detailed post-mortem was stated to be in preparation as of June 19, 2026; no restoration timeline for the Secret Network connection had been provided. AXL token price rose approximately 3.85% in the days following the announcement, suggesting market participants viewed the incident as bounded to the Secret-side contract rather than a systemic Axelar failure.","heading":"Axelar Response and Containment","severity":"medium","sources":[{"credibility":2,"name":"Axelar Confirms $4.67M Exploit on Secret Network Bridge, Core Protocol Remains Unaffected","type":"news_article","url":"https://themerkle.com/axelar-confirms-4-67m-exploit-on-secret-network-bridge-core-protocol-remains-unaffected/"},{"credibility":2,"name":"Axelar disables Secret connection after $4.67M exploit hits IBC-linked assets","type":"news_article","url":"https://ambcrypto.com/axelar-disables-secret-connection-after-4-67m-exploit-hits-ibc-linked-assets/"},{"credibility":2,"name":"AXL Price Climbs 5% Despite $4.7M Exploit on Axelar-Linked Bridge","type":"news_article","url":"https://coinpaper.com/32108/axl-price-climbs-5-despite-47m-exploit-on-axelar-linked-bridge"}]},{"content":"Public security advisories from the Cosmos ecosystem provide relevant context for the class of vulnerability exploited. In 2024, the Cosmos ibc-go team published advisory ASA-2024-007 detailing a potential reentrancy vulnerability in IBC hooks affecting chains running ibc-go versions prior to v4.6.0 / v5.4.0 / v6.3.0 / v7.4.0 / v8.2.0 that are CosmWasm-enabled and use ibc-hooks middleware wrapping ICS-20. Secret Network's public changelog shows that v1.17.0 (March 7, 2025) addressed security advisories ASA-2025-001, ASA-2025-002, and ASA-2025-004, and that v1.21.6 (August 11, 2025) fixed IBC hooks for ICS contracts. Multiple reporting outlets allege the specific channel-verification gap exploited in June 2026 had been present in the affected ICS-20 contract since 2023; this specific claim has not been independently corroborated by a public audit report or official post-mortem as of the investigation date.","heading":"Vulnerability History and Prior IBC Security Advisories","severity":"high","sources":[{"credibility":1,"name":"IBC-Hooks Reentrancy Advisory ASA-2024-007 - Cosmos ibc-go","type":"other","url":"https://github.com/cosmos/ibc-go/security/advisories/GHSA-j496-crgh-34mx"},{"credibility":1,"name":"Secret Network v1.11 Versioning & Changelog","type":"official","url":"https://docs.scrt.network/secret-network-documentation/infrastructure/versioning-and-changelog/secret-network-v1.11"},{"credibility":2,"name":"$4.67M Exploit Hits Axelar-Secret Network Bridge, Links Disabled","type":"news_article","url":"https://www.cryptotimes.io/2026/06/19/4-67m-exploit-hits-axelar-secret-network-bridge-links-disabled/"}]},{"content":"The assets affected were those bridged from Axelar to Secret Network via the ICS-20 pathway, comprising privacy-wrapped SNIP-20 variants including saUSDC, saUSDT, saWBTC, and additional tokens. Users holding or transacting these bridged assets on Secret Network at the time of the exploit face loss of funds with no confirmed recovery or compensation mechanism announced as of June 20, 2026. SCRT, Secret Network's native token, declined approximately 0.9% on the day of public disclosure. Axelar stated that no other Secret Network tokens and no other Axelar-integrated chains were affected.","heading":"Affected Assets and User Impact","severity":"high","sources":[{"credibility":2,"name":"Axelar Network Disables Secret Network IBC Bridge Following $4.67 Million Exploit","type":"news_article","url":"https://cryip.co/axelar-disables-secret-network-ibc-bridge-after-4-67m-exploit/"},{"credibility":2,"name":"Secret Network Bridge Exploit Drains $4.67M From Axelar Link","type":"news_article","url":"https://www.banklesstimes.com/articles/2026/06/20/secret-network-bridge-exploit-drains-4-67m-from-axelar-link/"}]},{"content":"The incident occurred against a backdrop of elevated cross-chain bridge losses in 2026. Multiple reporting sources note that total DeFi losses exceeded $800 million by mid-June 2026, with April 2026 alone accounting for over $600 million across major bridge exploits. The Secret Network / Axelar incident is among a cluster of June 2026 security failures that also included a $36 million breach at Humanity Protocol on June 8 and two separate exploits at Aztec Network within a single week. The pattern reinforces long-standing researcher warnings that IBC-connected chains with custom contract layers represent a significant attack surface, particularly when channel-origin validation is absent or insufficient.","heading":"Broader DeFi Context","severity":"medium","sources":[{"credibility":2,"name":"Biggest DeFi Hacks and Exploits of 2026: $1 Billion+ Lost and Counting","type":"news_article","url":"https://www.ccn.com/education/crypto/defi-hacks-exploits-causes-crypto-stolen-2026/"},{"credibility":2,"name":"AXL Price Climbs 5% Despite $4.7M Exploit on Axelar-Linked Bridge","type":"news_article","url":"https://coinpaper.com/32108/axl-price-climbs-5-despite-47m-exploit-on-axelar-linked-bridge"}]}],"sources_used":[{"credibility":2,"name":"Axelar shuts down Secret Network bridge routes after $4.7M exploit","type":"news_article","url":"https://crypto.news/axelar-shuts-down-secret-network-bridge-routes-after-4-7m-exploit/"},{"credibility":2,"name":"$4.67M Exploit Hits Axelar-Secret Network Bridge, Links Disabled","type":"news_article","url":"https://www.cryptotimes.io/2026/06/19/4-67m-exploit-hits-axelar-secret-network-bridge-links-disabled/"},{"credibility":2,"name":"Secret Network Bridge Exploit Drains $4.67M From Axelar Link","type":"news_article","url":"https://www.banklesstimes.com/articles/2026/06/20/secret-network-bridge-exploit-drains-4-67m-from-axelar-link/"},{"credibility":2,"name":"Axelar Confirms $4.67M Exploit on Secret Network Bridge, Core Protocol Remains Unaffected","type":"news_article","url":"https://themerkle.com/axelar-confirms-4-67m-exploit-on-secret-network-bridge-core-protocol-remains-unaffected/"},{"credibility":2,"name":"Axelar disables Secret connection after $4.67M exploit hits IBC-linked assets","type":"news_article","url":"https://ambcrypto.com/axelar-disables-secret-connection-after-4-67m-exploit-hits-ibc-linked-assets/"},{"credibility":2,"name":"AXL Price Climbs 5% Despite $4.7M Exploit on Axelar-Linked Bridge","type":"news_article","url":"https://coinpaper.com/32108/axl-price-climbs-5-despite-47m-exploit-on-axelar-linked-bridge"},{"credibility":2,"name":"Axelar Cuts Secret Network Links After $4.67M IBC Asset Drain","type":"news_article","url":"https://cryptoadventure.com/axelar-cuts-secret-network-links-after-4-67m-ibc-asset-drain/"},{"credibility":2,"name":"Axelar Network Disables Secret Network IBC Bridge Following $4.67 Million Exploit","type":"news_article","url":"https://cryip.co/axelar-disables-secret-network-ibc-bridge-after-4-67m-exploit/"},{"credibility":2,"name":"Biggest DeFi Hacks and Exploits of 2026: $1 Billion+ Lost and Counting","type":"news_article","url":"https://www.ccn.com/education/crypto/defi-hacks-exploits-causes-crypto-stolen-2026/"},{"credibility":1,"name":"IBC-Hooks Reentrancy Advisory ASA-2024-007 - Cosmos ibc-go","type":"other","url":"https://github.com/cosmos/ibc-go/security/advisories/GHSA-j496-crgh-34mx"},{"credibility":1,"name":"Secret Network Versioning & Changelog","type":"official","url":"https://docs.scrt.network/secret-network-documentation/infrastructure/versioning-and-changelog"}],"summary":"On approximately June 10, 2026, an attacker exploited a missing channel-verification check in a Secret Network-side ICS-20 smart contract governing the Cosmos IBC connection between Secret Network and Axelar, minting unbacked wrapped tokens that were redeemed for approximately $4.67 million in real bridged assets. The exploit went undetected for seven days due to Secret Network's privacy-by-default design, and was only discovered on June 17 when a routine cross-chain transfer failed due to depleted escrow. Axelar's emergency committee severed all Secret and Secret-SNIP IBC connections on June 17; the stolen funds were subsequently laundered through Osmosis, bridged to Ethereum, and deposited across KuCoin, ChangeNow, and HitBTC.","timeline":[{"date":"2026-06-10","event":"Attacker begins exploit, creating a custom single-validator Cosmos SDK chain, opening a fraudulent IBC channel to the vulnerable ICS-20 contract on Secret Network, and sending forged deposit packets to mint unbacked saTokens redeemable for real Axelar-bridged assets. Seven anomalous transactions later traced to this date.","source":"BanklessTimes / CryptoTimes","source_url":"https://www.banklesstimes.com/articles/2026/06/20/secret-network-bridge-exploit-drains-4-67m-from-axelar-link/"},{"date":"2026-06-10","event":"Stolen assets routed through Osmosis, bridged to Ethereum, swapped for ETH via CoW Protocol, split across approximately 30 wallets, and deposited at KuCoin, ChangeNow, and HitBTC.","source":"CryptoTimes","source_url":"https://www.cryptotimes.io/2026/06/19/4-67m-exploit-hits-axelar-secret-network-bridge-links-disabled/"},{"date":"2026-06-17","event":"A routine cross-chain transfer fails due to insufficient escrow balance. Axelar investigators trace the shortfall to the June 10 transactions. Axelar's emergency committee immediately disables Secret and Secret-SNIP IBC connections.","source":"BanklessTimes / CryptoTimes","source_url":"https://www.banklesstimes.com/articles/2026/06/20/secret-network-bridge-exploit-drains-4-67m-from-axelar-link/"},{"date":"2026-06-19","event":"Axelar publicly discloses the incident, confirming approximately $4.67 million in losses, the isolation of the breach to the Secret-side ICS-20 contract, and outreach to relevant exchanges and law enforcement agencies. Multiple crypto news outlets report the incident.","source":"Axelar via crypto.news / CryptoTimes / AMBCrypto / The Merkle","source_url":"https://crypto.news/axelar-shuts-down-secret-network-bridge-routes-after-4-7m-exploit/"},{"date":"2026-06-20","event":"Additional reporting published. No recovery, compensation mechanism, or restoration timeline for Secret Network IBC connections announced. Post-mortem stated to be in preparation.","source":"BanklessTimes","source_url":"https://www.banklesstimes.com/articles/2026/06/20/secret-network-bridge-exploit-drains-4-67m-from-axelar-link/"}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision f4272914-98eb-4d75-9aaa-a11c27b2a89ecopy