Verify a decision

{"actor":"system:backfill","investigation_id":"119a7754-54c1-4cb8-bd02-7ddfe576c4fa","kind":"publish","page_slug":"adshares-bridge-ads","published_at":"2026-05-28T05:10:56.813Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Adshares Bridge (ADS)","sections":[{"content":"Adshares is a decentralized advertising network founded in 2017, with its whitepaper released that year and mainnet launched in December 2018. The project aims to reduce intermediaries between advertisers and publishers by enabling direct transactions on its proprietary ESC blockchain, described as a delegated proof-of-stake fork capable of high transaction throughput. The native ADS token serves as payment for advertising services, transaction fees, and network participation incentives. Adshares has established integrations with metaverse platforms including Decentraland and Cryptovoxels, and claims to serve over 2,000 advertisers and hundreds of publishers. The project introduced a cross-chain bridge to enable wrapped ADS (wADS) tokens on Ethereum, expanding its liquidity reach to Uniswap V4 liquidity pools.","heading":"Project Background","severity":"low","sources":[{"credibility":2,"name":"Adshares Official Website","type":"official","url":"https://adshares.net/blockchain"},{"credibility":2,"name":"Adshares (ADS) — CoinGecko","type":"other","url":"https://www.coingecko.com/en/coins/adshares"},{"credibility":3,"name":"Adshares: A Brief History of the Decentralized Advertising Network — Medium","type":"other","url":"https://medium.com/@coinxhunters/adshares-a-brief-history-of-the-decentralized-advertising-network-e551e0d7988d"}]},{"content":"On May 17, 2026, the Adshares cross-chain bridge on Ethereum was exploited for approximately $628,000. According to security researchers and reporting by CryptoAdventure and PANews (citing PeckShield), the attack centered on fraudulent wADS minting. The bridge-minter externally owned account (EOA) allegedly signed three wrapTo() calls referencing native-chain transaction IDs that did not exist on the Adshares canonical chain. Because the bridge contract performed no verification of the supplied transaction IDs against canonical chain state, these calls succeeded and minted large amounts of unbacked wrapped ADS to the attacker's address. The attacker then dumped the fabricated wADS via Uniswap V4's UniversalRouter, draining approximately 148.5 ETH and $305,000 USDC from liquidity pools, for a combined loss of approximately $628,000. Security analyst chrisdior4 on X documented the attack mechanism shortly after it occurred, confirming the three wrapTo() calls and the Uniswap V4 exit route. The root cause identified by analysts was a complete absence of minimum validation on native transaction IDs within the bridge contract, allowing any signed call from the bridge-minter EOA to mint tokens without on-chain proof of a corresponding deposit on the Adshares canonical chain.","heading":"May 2026 Bridge Exploit — Bridge Verification Bypass","severity":"critical","sources":[{"credibility":2,"name":"Adshares Bridge Exploiter Returns 256 ETH After $628K Incident — CryptoAdventure","type":"news_article","url":"https://cryptoadventure.com/adshares-bridge-exploiter-returns-256-eth-after-628k-incident/"},{"credibility":2,"name":"PeckShield: Adshares cross-chain bridge hackers return over 80% of stolen funds — PANews","type":"news_article","url":"https://www.panewslab.com/en/articles/019e3ae3-2795-761d-9fbc-5b1b3cdb86c7"},{"credibility":3,"name":"chrisdior4 on X — wrapTo() exploit description","type":"social_media","url":"https://x.com/chrisdior777/status/2055752668262375665"},{"credibility":2,"name":"Adshares Bridge Attacker Returns 256 ETH, Recovers 86% of Stolen Funds — MEXC News","type":"news_article","url":"https://www.mexc.com/news/1100734"}]},{"content":"Following the exploit, Adshares posted an on-chain bounty message to the attacker's address offering a 10% bounty in exchange for the return of 90% of stolen funds. PeckShield flagged on approximately May 18-19, 2026, that the exploiter had returned 256 ETH to the project's deployment address, valued at approximately $540,700 at the time of the alert. This represents roughly 86% of the approximately $628,000 originally stolen, leaving an estimated $88,000 (approximately 14% of the original total) unreturned. The nature of the attacker's decision to return funds has not been confirmed publicly. Security researchers at MEXC noted the return could reflect direct negotiation, pressure from on-chain tracking, or a white-hat decision after exposure. As of the investigation date, Adshares had not published a detailed public postmortem confirming the exact failure path, affected contracts, final loss treatment, or bridge operational status.","heading":"Partial Fund Recovery","severity":"high","sources":[{"credibility":2,"name":"Adshares Bridge Exploiter Returns 256 ETH After $628K Incident — CryptoAdventure","type":"news_article","url":"https://cryptoadventure.com/adshares-bridge-exploiter-returns-256-eth-after-628k-incident/"},{"credibility":2,"name":"PeckShield: Adshares cross-chain bridge hackers return over 80% of stolen funds — PANews","type":"news_article","url":"https://www.panewslab.com/en/articles/019e3ae3-2795-761d-9fbc-5b1b3cdb86c7"},{"credibility":2,"name":"Adshares Bridge Attacker Returns 256 ETH, Recovers 86% of Stolen Funds — MEXC News","type":"news_article","url":"https://www.mexc.com/news/1100734"}]},{"content":"Analysts identified the core vulnerability as the bridge contract's acceptance of wrapTo() calls signed by the bridge-minter EOA with no verification against the Adshares canonical chain's actual transaction state. In a properly designed cross-chain bridge, a minting call on the destination chain should require cryptographic proof or an oracle-attested reference to a corresponding lock or burn event on the source chain. The Adshares bridge allegedly accepted any bridge-minter-signed call with an arbitrary transaction ID string, with no on-chain check confirming the referenced source-chain transaction existed, had the correct amount, or had not already been claimed. No public security audit report for the Adshares bridge contract has been identified in available sources. The absence of an identified audit and the fundamental nature of the validation gap — allowing fabricated IDs to pass — suggests the bridge lacked standard security controls expected in cross-chain infrastructure.","heading":"Bridge Security Architecture — Missing Validation","severity":"critical","sources":[{"credibility":2,"name":"Adshares Bridge Exploiter Returns 256 ETH After $628K Incident — CryptoAdventure","type":"news_article","url":"https://cryptoadventure.com/adshares-bridge-exploiter-returns-256-eth-after-628k-incident/"},{"credibility":3,"name":"chrisdior4 on X — wrapTo() exploit description","type":"social_media","url":"https://x.com/chrisdior777/status/2055752668262375665"},{"credibility":2,"name":"7 Cross-Chain Bridge Vulnerabilities Explained — Chainlink","type":"research","url":"https://chain.link/education-hub/cross-chain-bridge-vulnerabilities"}]},{"content":"The Adshares bridge exploit occurred during a period of heightened bridge attack activity. PeckShield tracked eight major cross-chain bridge incidents in May 2026, totaling approximately $328.6 million in losses across multiple protocols. Other incidents in this wave included the Verus-Ethereum bridge ($11.5 million), Transit Finance ($1.88 million on May 13), and TAC Protocol ($2.8 million, classified as white hat). Larger incidents in the broader 2026 period included alleged exploits of KelpDAO/LayerZero (approximately $300 million) and Drift Protocol (over $200 million), though those incidents extended beyond May. The Adshares exploit, at approximately $628,000, was among the smaller incidents in the May 2026 wave by absolute dollar value but is notable for the specific mechanism — fabricating non-existent source-chain transaction IDs — which represents a distinct validation bypass technique.","heading":"Broader Context — May 2026 Bridge Exploit Wave","severity":"medium","sources":[{"credibility":2,"name":"Crypto Bridge Exploits Hit $328.6M in May as PeckShield Tracks 8 Major Incidents — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/crypto-bridge-exploits-328-million-may-2026-peckshield/"},{"credibility":2,"name":"Bridge hacks back in vogue as Verus exploit brings 2026 total to $329M — Protos","type":"news_article","url":"https://protos.com/bridge-hacks-back-in-vogue-as-verus-exploit-brings-2026-total-to-329m/"},{"credibility":2,"name":"Every Major DeFi Hack in 2026 So Far — Phemex","type":"news_article","url":"https://phemex.com/blogs/defi-hacks-2026-bridge-exploits-explained"}]},{"content":"As of the investigation date, Adshares had not published a public incident postmortem identifying the exact vulnerability, the affected contract addresses, remediation steps taken, whether the bridge remained operational, or how the approximately $88,000 in unreturned funds would be treated. No information was available confirming whether liquidity providers or individual users suffered direct losses. The absence of formal disclosure is a material concern for a project operating custodial cross-chain infrastructure. Security commentators cited in available reporting warned that partial refund events can be followed by secondary fraud such as phishing portals posing as official fund-recovery mechanisms, and users should exercise caution.","heading":"Transparency and Disclosure Gaps","severity":"high","sources":[{"credibility":2,"name":"Adshares Bridge Exploiter Returns 256 ETH After $628K Incident — CryptoAdventure","type":"news_article","url":"https://cryptoadventure.com/adshares-bridge-exploiter-returns-256-eth-after-628k-incident/"}]},{"content":"As of late May 2026, the ADS token traded at approximately $0.48–$0.57 USD on CoinGecko, with a market capitalization of approximately $18.6 million and a circulating supply of approximately 39 million ADS. The token had experienced a reported 20.8% decline over the seven-day period spanning the exploit. The most active trading pair, ADS/ETH, was on Uniswap V4 (Ethereum), with approximately $110,000 in 24-hour volume — the same venue used by the attacker to exit fabricated wADS positions.","heading":"Token Market Data","severity":"low","sources":[{"credibility":2,"name":"Adshares (ADS) — CoinGecko","type":"other","url":"https://www.coingecko.com/en/coins/adshares"},{"credibility":2,"name":"Adshares price today, ADS to USD — CoinMarketCap","type":"other","url":"https://coinmarketcap.com/currencies/adshares/"}]}],"sources_used":[{"credibility":2,"name":"Adshares Bridge Exploiter Returns 256 ETH After $628K Incident — CryptoAdventure","type":"news_article","url":"https://cryptoadventure.com/adshares-bridge-exploiter-returns-256-eth-after-628k-incident/"},{"credibility":2,"name":"PeckShield: Adshares cross-chain bridge hackers return over 80% of stolen funds — PANews","type":"news_article","url":"https://www.panewslab.com/en/articles/019e3ae3-2795-761d-9fbc-5b1b3cdb86c7"},{"credibility":2,"name":"Adshares Bridge Attacker Returns 256 ETH, Recovers 86% of Stolen Funds — MEXC News","type":"news_article","url":"https://www.mexc.com/news/1100734"},{"credibility":3,"name":"chrisdior4 on X — wrapTo() exploit description","type":"social_media","url":"https://x.com/chrisdior777/status/2055752668262375665"},{"credibility":2,"name":"Crypto Bridge Exploits Hit $328.6M in May as PeckShield Tracks 8 Major Incidents — Bitcoin.com News","type":"news_article","url":"https://news.bitcoin.com/crypto-bridge-exploits-328-million-may-2026-peckshield/"},{"credibility":2,"name":"Bridge hacks back in vogue as Verus exploit brings 2026 total to $329M — Protos","type":"news_article","url":"https://protos.com/bridge-hacks-back-in-vogue-as-verus-exploit-brings-2026-total-to-329m/"},{"credibility":2,"name":"Every Major DeFi Hack in 2026 So Far — Phemex","type":"news_article","url":"https://phemex.com/blogs/defi-hacks-2026-bridge-exploits-explained"},{"credibility":2,"name":"Adshares (ADS) — CoinGecko","type":"other","url":"https://www.coingecko.com/en/coins/adshares"},{"credibility":2,"name":"Adshares price today, ADS to USD — CoinMarketCap","type":"other","url":"https://coinmarketcap.com/currencies/adshares/"},{"credibility":2,"name":"Adshares Official Website — Blockchain","type":"official","url":"https://adshares.net/blockchain"},{"credibility":2,"name":"Adshares GitHub","type":"official","url":"https://github.com/adshares"},{"credibility":2,"name":"7 Cross-Chain Bridge Vulnerabilities Explained — Chainlink","type":"research","url":"https://chain.link/education-hub/cross-chain-bridge-vulnerabilities"}],"summary":"Adshares is a decentralized advertising blockchain project founded in 2017, operating on its proprietary ESC blockchain with a cross-chain bridge enabling wrapped ADS (wADS) on Ethereum. On May 17, 2026, the Adshares cross-chain bridge was exploited for approximately $628,000 via a bridge verification bypass in which a bridge-minter EOA signed three wrapTo() calls with fabricated non-existent canonical chain transaction IDs, allowing unbacked wADS to be minted and dumped on Uniswap V4. Following an on-chain bounty message, the attacker returned 256 ETH (approximately $540,700, or 86% of stolen funds), leaving an estimated $88,000 unreturned and no public postmortem published as of the investigation date.","timeline":[{"date":"2017-01-01","event":"Adshares project founded; whitepaper released outlining decentralized advertising network on ESC blockchain.","source":"Medium — Coinxhunters / Adshares history","source_url":"https://medium.com/@coinxhunters/adshares-a-brief-history-of-the-decentralized-advertising-network-e551e0d7988d"},{"date":"2018-12-01","event":"Adshares mainnet launched on proprietary ESC blockchain.","source":"Medium — Coinxhunters / Adshares history","source_url":"https://medium.com/@coinxhunters/adshares-a-brief-history-of-the-decentralized-advertising-network-e551e0d7988d"},{"date":"2026-05-17","event":"Adshares cross-chain bridge exploited. Bridge-minter EOA signed three wrapTo() calls with fabricated non-existent native-chain transaction IDs, minting unbacked wADS. Attacker dumped wADS via Uniswap V4 UniversalRouter, draining approximately 148.5 ETH and $305,000 USDC for a combined loss of approximately $628,000.","source":"CryptoAdventure / chrisdior4 on X","source_url":"https://cryptoadventure.com/adshares-bridge-exploiter-returns-256-eth-after-628k-incident/"},{"date":"2026-05-17","event":"Adshares project posted an on-chain bounty message to the attacker's address, offering a 10% bounty in exchange for return of 90% of stolen funds.","source":"CryptoAdventure","source_url":"https://cryptoadventure.com/adshares-bridge-exploiter-returns-256-eth-after-628k-incident/"},{"date":"2026-05-18","event":"PeckShield reported the attacker returned 256 ETH (approximately $540,700, approximately 86% of stolen funds) to the Adshares project's deployment address. Approximately $88,000 (14%) was not returned.","source":"PANews citing PeckShield","source_url":"https://www.panewslab.com/en/articles/019e3ae3-2795-761d-9fbc-5b1b3cdb86c7"},{"date":"2026-05-19","event":"MEXC News and other outlets confirmed the 256 ETH partial recovery. No public postmortem had been published by Adshares as of this date.","source":"MEXC News","source_url":"https://www.mexc.com/news/1100734"}]},"v":1}