Verify a decision

{"actor":"system:backfill","investigation_id":"4511c051-1302-4bc4-b6aa-bc3bdc34bb74","kind":"publish","page_slug":"shibarium-bridge","published_at":"2026-06-30T12:11:12.000Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Shibarium Bridge","sections":[{"content":"Shibarium is an EVM-compatible proof-of-stake sidechain for Ethereum developed by the Shiba Inu ecosystem team. The Shibarium Bridge — also called the Shibarium Plasma Bridge — connects Ethereum mainnet to the Shibarium L2, allowing users to transfer SHIB, BONE, LEASH, KNINE, ROAR, ETH, and other ecosystem tokens. The bridge relies on a whitelisted validator set: state checkpoints require signatures from at least 2/3+1 of staked validators. L2BEAT flagged that the validator set is gated by a non-public whitelist and that the system uses no cryptographic validity proofs — state transitions are accepted purely on the basis of validator signatures. A single externally owned account (EOA) can upgrade critical bridge contracts with no time delay, which L2BEAT rated as a critical risk factor. Because of these architectural characteristics, L2BEAT does not classify Shibarium as a traditional rollup or validium.","heading":"Background and Architecture","severity":"high","sources":[{"credibility":2,"name":"Shibarium — L2BEAT Risk Assessment","type":"research","url":"https://l2beat.com/scaling/projects/shibarium"},{"credibility":2,"name":"Shibarium Bridge Security Update — Shiba Inu Official Blog","type":"official","url":"https://blog.shib.io/shibarium-bridge-security-update/"}]},{"content":"Shibarium's mainnet launched on August 16, 2023 but encountered immediate and severe problems within hours of going live. Block production halted, and on-chain data confirmed that approximately 956 ETH (worth roughly $1.7 million at the time) became stuck in the bridge contract, along with additional BONE tokens worth around $762,000. Blockchain security firm PeckShield confirmed the funds were inaccessible. Lead developer Shytoshi Kusama denied a bridge bug in a post titled 'Shibarium: ALL IS WELL,' attributing the failure to excessive transaction volume overwhelming the RPC infrastructure. Community moderators silenced Discord members during the incident. Polygon Labs co-founder Sandeep Nailwal subsequently intervened with technical resources to help resolve the issue. SHIB dropped approximately 7–8% and BONE fell 16% on the day of the incident. Funds were ultimately recovered and the network was restored, though the episode raised questions about the readiness of the bridge infrastructure for a public launch.","heading":"Launch Failure and Stuck Funds (August 2023)","severity":"high","sources":[{"credibility":2,"name":"$1.7M of Ethereum 'Stuck' in SHIB Layer-2 Network Shibarium — Decrypt","type":"news_article","url":"https://decrypt.co/152773/1-7m-ethereum-stuck-shib-layer-2-network-shibarium"},{"credibility":2,"name":"Shiba Inu Botches Shibarium Launch, $2.5M in Crypto Stuck — Crypto Briefing","type":"news_article","url":"https://cryptobriefing.com/shiba-bridge-shiubarium-funds-stuck/"},{"credibility":2,"name":"Shiba Inu Shibarium Layer-2 Bridge Problems Hamper Launch — BeInCrypto","type":"news_article","url":"https://beincrypto.com/shiba-inu-shibarium-launch-problems-1-7m-eth-stuck-bridge/"},{"credibility":2,"name":"$1.7 million rendered inaccessible for weeks in broken bridge to new Shibarium network — web3isgoinggreat.com","type":"research","url":"https://www.web3isgoinggreat.com/single/shibarium-bridge-failure"}]},{"content":"On September 12, 2025 at 18:44 UTC, an attacker exploited the Shibarium bridge through a combination of flash loan manipulation and validator key compromise. The attacker borrowed 4.6 million BONE tokens via a flash loan on ShibaSwap and delegated them to a validator (Ryoshi Validator 1), temporarily accumulating over two-thirds of total validator stake. This met the network's 8-of-12-signature supermajority threshold required for checkpoint approval. The attacker then used access to what appear to be compromised internal validator signing keys — with 10 of the 12 validators ultimately signing the malicious transaction — to submit fraudulent checkpoints to Shibarium's Ethereum bridge contracts, enabling unauthorized withdrawals of bridged assets.\n\nAssets confirmed stolen include approximately 72.6 billion SHIB (~$948,000), 216–224 WETH (~$975,000–$1 million), 248.9 billion KNINE (~$631,000), 29,167 LEASH (~$490,000), and 32 million ROAR tokens (~$347,000), along with additional tokens. Total losses are reported by different sources between $2.4 million and $4.1 million depending on token valuations and whether partially recovered assets are included. Approximately $1.3 million in stolen tokens became inaccessible to the attacker after K9 Finance blacklisted the attacker's address and staking lock mechanisms froze the borrowed BONE.\n\nLead developer Kaal Dhairya stated: 'We are currently in damage control mode and do not yet know if the breach originated from a server or a developer machine.' Potential attack vectors identified included developer machine compromise, cloud KMS vulnerabilities, migration exposure, and supply-chain attacks. Security researcher MrLightspeed alleged that only two validators (K9 Finance and Unification) maintained genuine independence, suggesting the apparent decentralization was illusory and that a single party may have controlled the majority of validator keys.","heading":"September 2025 Bridge Exploit","severity":"critical","sources":[{"credibility":2,"name":"Shibarium bridge suffers 'sophisticated' flash loan attack, with $2.4 million drained — The Block","type":"news_article","url":"https://www.theblock.co/post/370536/shibarium-bridge-suffers-sophisticated-flash-loan-attack-with-2-4-million-drained"},{"credibility":2,"name":"Shibarium bridge exploited, $2.4m lost in flash loan attack — crypto.news","type":"news_article","url":"https://crypto.news/shibarium-bridge-exploited-2-4m-lost-flash-loan-attack/"},{"credibility":2,"name":"$4.1M Shibarium Bridge Hack: SHIB Tanks, BONE Collapses & Validator Keys Compromised — CCN","type":"news_article","url":"https://www.ccn.com/education/crypto/shibarium-bridge-hack-shib-bone-crash-explained/"},{"credibility":2,"name":"Shibarium — Rekt.news","type":"research","url":"https://rekt.news/shibarium-rekt"},{"credibility":2,"name":"Shibarium Bridge Security Update — Shiba Inu Official Blog","type":"official","url":"https://blog.shib.io/shibarium-bridge-security-update/"},{"credibility":1,"name":"BONE Price Surges 40% After Shibarium Flash Loan Exploit — CoinDesk","type":"news_article","url":"https://www.coindesk.com/markets/2025/09/13/bone-price-surges-40-after-shibarium-flash-loan-exploit"},{"credibility":2,"name":"Shibarium bridge hit with $2.4 million flash loan attack — web3isgoinggreat.com","type":"research","url":"https://www.web3isgoinggreat.com/single/shibarium-bridge-hit-with-2-4-million-flash-loan-attack"}]},{"content":"Independent risk assessments identify structural governance weaknesses in the Shibarium Bridge. L2BEAT flagged multiple critical risks prior to the September 2025 exploit: state updates are accepted if signed by a supermajority of validators without any cryptographic validity proof; the validator set is controlled by a non-public whitelist; and a single EOA can upgrade critical contracts without any time delay, creating a scenario where all user funds could theoretically be stolen via a malicious upgrade before users could exit.\n\nThe September 2025 exploit validated these pre-identified risks. The network's reliance on BONE token staking as the primary validator voting mechanism created an attack surface exploitable via flash loans. Analysts noted that concentrating 10 of 12 validator signing keys in what may have been a small number of infrastructure providers or developer-controlled machines amplified the impact when those keys were compromised.\n\nFollowing the exploit, the Shiba Inu team acknowledged decentralization shortcomings and outlined plans to expand the validator set, implement multi-party hardware custody for signing keys, and add policy-level controls including rate limits, challenge windows, and circuit breakers.","heading":"Governance and Centralization Risks","severity":"critical","sources":[{"credibility":2,"name":"Shibarium — L2BEAT Risk Assessment","type":"research","url":"https://l2beat.com/scaling/projects/shibarium"},{"credibility":2,"name":"Shibarium Bridge Breach Reveals Governance Flaws — OneSafe Blog","type":"news_article","url":"https://www.onesafe.io/blog/shibarium-bridge-breach-governance-flaws"},{"credibility":2,"name":"Shibarium Bridge: Dev Details Path to Stronger Decentralization — The Shib Daily","type":"official","url":"https://news.shib.io/2025/09/24/shibarium-bridge-dev-details-path-to-stronger-decentralization/"},{"credibility":2,"name":"Shibarium Suffers ~$2.3-$3M Validator and Bridge Exploit — Vibranium Audits","type":"research","url":"https://www.vibraniumaudits.com/post/shibarium-suffers-2-3--3m-validator-and-bridge-exploit----network-integrity-tested"}]},{"content":"Following the September 2025 exploit, the Shiba Inu team took several immediate containment steps: pausing bridge staking and unstaking to freeze the attacker's borrowed BONE tokens within lock periods; migrating over 100 ecosystem contracts to multi-signature hardware wallets; rotating all validator signing keys; and establishing 24/7 monitoring of attacker wallets in coordination with law enforcement. The team recovered 4.6 million BONE tokens from the attacker's staking position as the lock period expired.\n\nThe team engaged security firms Hexens, PeckShield, and Seal 911 for forensic analysis. These firms reportedly confirmed that the core protocol had no deeper structural flaws beyond the key management failures. Lead developer Kaal Dhairya published a four-phase security hardening plan including: completing validator signer hygiene and custody improvements; implementing rate limits, challenge windows, and circuit breakers; expanding the validator set; and committing to ongoing independent audits.\n\nThe Shiba Inu team offered a bounty of 50 ETH (approximately $225,000) for voluntary return of stolen assets, expressing openness to negotiating in 'good faith' with the attacker. The Shibarium Plasma Bridge was partially reopened for BONE transfers in October 2025, with a mandatory seven-day withdrawal finalization delay and a blacklisting system for flagged addresses. A staged rollout for other tokens was planned, pending the same testing standards applied to BONE.\n\nAs of October 2025, hack victims faced continued delays in receiving restitution, with the team pledging refunds through ecosystem reserves and reclaimed assets.","heading":"Developer Response and Security Remediation","severity":"high","sources":[{"credibility":2,"name":"Shiba Inu's Shibarium preps bridge restart and plans user refunds after $4 million exploit — The Block","type":"news_article","url":"https://www.theblock.co/post/373368/shiba-inu-shibarium-preps-bridge-restart-plans-user-refunds-after-4-million-exploit"},{"credibility":2,"name":"Shibarium Reboots After $4M Hack, Pledges User Refunds — CryptoNews","type":"news_article","url":"https://cryptonews.com/news/shibarium-reboots-after-4m-hack-pledges-user-refunds-heres-the-plan/"},{"credibility":2,"name":"Shiba Inu Reopens Shibarium Bridge, But Hack Victims Still Face Repayment Delay — The Crypto Basic","type":"news_article","url":"https://thecryptobasic.com/2025/10/15/shiba-inu-reopens-shibarium-bridge-but-hack-victims-still-face-repayment-delay/"},{"credibility":2,"name":"Shibarium Bridge: Dev Commits to Audits in 4-Phase Security Plan — The Shib Daily","type":"official","url":"https://news.shib.io/2025/09/23/shibarium-bridge-dev-commits-to-audits-in-4-phase-security-plan/"},{"credibility":2,"name":"Shiba Inu Rolls Out Stronger Shibarium Bridge with New Security Features — The Shib Daily","type":"official","url":"https://news.shib.io/2025/10/14/shiba-inu-rolls-out-stronger-shibarium-bridge-with-new-security-features/"},{"credibility":2,"name":"Shiba Inu Team Offers $229,000 Bounty to Recover $4.1M from Shibarium Bridge Hack — MEXC News","type":"news_article","url":"https://www.mexc.co/en-PH/news/101881"}]},{"content":"Beyond the protocol-level exploit, the Shibarium ecosystem has been targeted by sustained phishing campaigns. The Shiba Inu security team issued multiple warnings about fake websites designed to impersonate official Shib.io interfaces. A prominent example involved the fraudulent domain app-shib-io.pages.dev/snapshot, which mimicked the official portal's appearance and drained wallets upon connection. Bogus Telegram groups and expired Discord invite links have also been exploited to trap users and redirect them to malicious sites. The Shiba Inu team has advised users to verify all URLs before interacting, avoid connecting wallets to unverified platforms, and use revoke.cash to cancel suspicious permissions. These phishing risks are considered independent of the bridge protocol itself but compound the overall risk profile for end users interacting with the Shibarium ecosystem.","heading":"Phishing and Fake Bridge Warnings","severity":"medium","sources":[{"credibility":2,"name":"SHIB Investors Targeted by Sophisticated Scam Mimicking Official Site — SQ Magazine","type":"news_article","url":"https://sqmagazine.co.uk/shiba-inu-wallet-phishing-scam-warning/"},{"credibility":2,"name":"Urgent Phishing Scam Alert Issued to Shibarium Community — U.Today","type":"news_article","url":"https://u.today/urgent-phishing-scam-alert-issued-to-shibarium-community"},{"credibility":2,"name":"Critical Warning Concerning Shiba Inu (SHIB) Users — CryptoPotato","type":"news_article","url":"https://cryptopotato.com/critical-warning-concerning-shiba-inu-shib-users-details/"}]},{"content":"The September 2025 exploit triggered significant market reactions. SHIB declined approximately 11.5% in the immediate aftermath, while BONE collapsed by 43.5%. Both tokens began to partially recover after the team announced containment measures. The partial BONE recovery was also influenced by the team locking the attacker's flash-loaned BONE within the staking system, which effectively removed a large potential sell pressure. The August 2023 launch incident similarly moved markets, with SHIB dropping 7–8% and BONE falling 16% on that day. Ongoing uncertainty about refund timelines for hack victims has continued to weigh on community confidence.","heading":"Market and Token Impact","severity":"medium","sources":[{"credibility":1,"name":"BONE Price Surges 40% After Shibarium Flash Loan Exploit — CoinDesk","type":"news_article","url":"https://www.coindesk.com/markets/2025/09/13/bone-price-surges-40-after-shibarium-flash-loan-exploit"},{"credibility":2,"name":"$4.1M Shibarium Bridge Hack: SHIB Tanks, BONE Collapses & Validator Keys Compromised — CCN","type":"news_article","url":"https://www.ccn.com/education/crypto/shibarium-bridge-hack-shib-bone-crash-explained/"}]}],"sources_used":[{"credibility":2,"name":"Shibarium — L2BEAT Risk Assessment","type":"research","url":"https://l2beat.com/scaling/projects/shibarium"},{"credibility":2,"name":"$1.7M of Ethereum 'Stuck' in SHIB Layer-2 Network Shibarium — Decrypt","type":"news_article","url":"https://decrypt.co/152773/1-7m-ethereum-stuck-shib-layer-2-network-shibarium"},{"credibility":2,"name":"Shiba Inu Botches Shibarium Launch, $2.5M in Crypto Stuck — Crypto Briefing","type":"news_article","url":"https://cryptobriefing.com/shiba-bridge-shiubarium-funds-stuck/"},{"credibility":2,"name":"$1.7 million rendered inaccessible in broken bridge — web3isgoinggreat.com","type":"research","url":"https://www.web3isgoinggreat.com/single/shibarium-bridge-failure"},{"credibility":2,"name":"Shibarium bridge suffers 'sophisticated' flash loan attack — The Block","type":"news_article","url":"https://www.theblock.co/post/370536/shibarium-bridge-suffers-sophisticated-flash-loan-attack-with-2-4-million-drained"},{"credibility":2,"name":"Shibarium bridge exploited, $2.4m lost in flash loan attack — crypto.news","type":"news_article","url":"https://crypto.news/shibarium-bridge-exploited-2-4m-lost-flash-loan-attack/"},{"credibility":2,"name":"$4.1M Shibarium Bridge Hack — CCN","type":"news_article","url":"https://www.ccn.com/education/crypto/shibarium-bridge-hack-shib-bone-crash-explained/"},{"credibility":2,"name":"Shibarium — Rekt.news","type":"research","url":"https://rekt.news/shibarium-rekt"},{"credibility":2,"name":"Shibarium Bridge Security Update — Shiba Inu Official Blog","type":"official","url":"https://blog.shib.io/shibarium-bridge-security-update/"},{"credibility":1,"name":"BONE Price Surges 40% After Shibarium Flash Loan Exploit — CoinDesk","type":"news_article","url":"https://www.coindesk.com/markets/2025/09/13/bone-price-surges-40-after-shibarium-flash-loan-exploit"},{"credibility":2,"name":"Shibarium bridge hit with $2.4 million flash loan attack — web3isgoinggreat.com","type":"research","url":"https://www.web3isgoinggreat.com/single/shibarium-bridge-hit-with-2-4-million-flash-loan-attack"},{"credibility":2,"name":"Shiba Inu's Shibarium preps bridge restart and plans user refunds — The Block","type":"news_article","url":"https://www.theblock.co/post/373368/shiba-inu-shibarium-preps-bridge-restart-plans-user-refunds-after-4-million-exploit"},{"credibility":2,"name":"Shibarium Reboots After $4M Hack, Pledges User Refunds — CryptoNews","type":"news_article","url":"https://cryptonews.com/news/shibarium-reboots-after-4m-hack-pledges-user-refunds-heres-the-plan/"},{"credibility":2,"name":"Shiba Inu Reopens Shibarium Bridge, But Hack Victims Still Face Repayment Delay — The Crypto Basic","type":"news_article","url":"https://thecryptobasic.com/2025/10/15/shiba-inu-reopens-shibarium-bridge-but-hack-victims-still-face-repayment-delay/"},{"credibility":2,"name":"Shibarium Bridge: Dev Commits to Audits in 4-Phase Security Plan — The Shib Daily","type":"official","url":"https://news.shib.io/2025/09/23/shibarium-bridge-dev-commits-to-audits-in-4-phase-security-plan/"},{"credibility":2,"name":"Shiba Inu Rolls Out Stronger Shibarium Bridge with New Security Features — The Shib Daily","type":"official","url":"https://news.shib.io/2025/10/14/shiba-inu-rolls-out-stronger-shibarium-bridge-with-new-security-features/"},{"credibility":2,"name":"Shibarium Bridge Breach Reveals Governance Flaws — OneSafe Blog","type":"news_article","url":"https://www.onesafe.io/blog/shibarium-bridge-breach-governance-flaws"},{"credibility":2,"name":"Shibarium Ethereum Bridge Exploit: How $4.1M Was Stolen — OKX Learn","type":"research","url":"https://www.okx.com/en-us/learn/shibarium-ethereum-bridge-exploit-defi-security"},{"credibility":2,"name":"Shibarium Suffers ~$2.3-$3M Validator and Bridge Exploit — Vibranium Audits","type":"research","url":"https://www.vibraniumaudits.com/post/shibarium-suffers-2-3--3m-validator-and-bridge-exploit----network-integrity-tested"},{"credibility":2,"name":"Shiba Inu Team Offers $229,000 Bounty to Recover $4.1M from Shibarium Bridge Hack — MEXC News","type":"news_article","url":"https://www.mexc.co/en-PH/news/101881"},{"credibility":2,"name":"SHIB Investors Targeted by Sophisticated Scam Mimicking Official Site — SQ Magazine","type":"news_article","url":"https://sqmagazine.co.uk/shiba-inu-wallet-phishing-scam-warning/"},{"credibility":2,"name":"Urgent Phishing Scam Alert Issued to Shibarium Community — U.Today","type":"news_article","url":"https://u.today/urgent-phishing-scam-alert-issued-to-shibarium-community"}],"summary":"The Shibarium Bridge is the Ethereum-to-Shibarium cross-chain bridge operated by the Shiba Inu ecosystem team, enabling transfer of SHIB, BONE, LEASH, and other tokens between Ethereum mainnet and the Shibarium Layer 2 network. The bridge suffered two major incidents: a chaotic launch in August 2023 that left approximately $1.7 million in ETH temporarily inaccessible, and a far more serious exploit in September 2025 in which attackers compromised 10 of 12 validator signing keys to drain approximately $3–4.1 million in assets. The bridge was partially restored in October 2025 following a security overhaul, but hack victims faced ongoing repayment delays and independent analysts raised persistent concerns about centralization and governance design.","timeline":[{"date":"2023-08-16","event":"Shibarium mainnet launches; block production halts within hours and approximately $1.7M in ETH (956 ETH) and additional BONE tokens become stuck in the bridge contract. Lead developer Shytoshi Kusama attributes the failure to excessive traffic rather than a bridge bug.","source":"Decrypt","source_url":"https://decrypt.co/152773/1-7m-ethereum-stuck-shib-layer-2-network-shibarium"},{"date":"2023-08-17","event":"Polygon Labs co-founder Sandeep Nailwal provides technical resources to help restore Shibarium. Network resumes operation and stuck funds become accessible.","source":"Cryptonews.net","source_url":"https://cryptonews.net/news/altcoins/21606089/"},{"date":"2025-09-12","event":"Attacker exploits Shibarium Bridge at 18:44 UTC using a flash loan of 4.6 million BONE tokens to gain supermajority validator control, combined with compromise of 10 of 12 validator signing keys. Fraudulent checkpoints are submitted to Ethereum bridge contracts, enabling unauthorized withdrawal of approximately $3–4.1 million in SHIB, ETH, KNINE, LEASH, ROAR, and other tokens.","source":"The Block","source_url":"https://www.theblock.co/post/370536/shibarium-bridge-suffers-sophisticated-flash-loan-attack-with-2-4-million-drained"},{"date":"2025-09-12","event":"Shiba Inu team pauses staking and unstaking, freezing the attacker's borrowed BONE within lock periods. Bridge operations are halted. Law enforcement contacted.","source":"Shiba Inu Official Blog","source_url":"https://blog.shib.io/shibarium-bridge-security-update/"},{"date":"2025-09-13","event":"BONE price temporarily surges 40% as staking freeze reduces circulating supply pressure; SHIB has dropped ~11.5% and BONE had fallen ~43.5% immediately post-exploit.","source":"CoinDesk","source_url":"https://www.coindesk.com/markets/2025/09/13/bone-price-surges-40-after-shibarium-flash-loan-exploit"},{"date":"2025-09-22","event":"Lead developer Kaal Dhairya releases post-exploit developer report, acknowledging ongoing investigation into the breach origin.","source":"The Shib Daily","source_url":"https://news.shib.io/2025/09/22/shibarium-bridge-exploit-kaal-drops-latest-dev-report-post-hack/"},{"date":"2025-09-23","event":"Kaal Dhairya commits to a four-phase security hardening plan including validator hygiene, policy-level controls, expanded decentralization, and ongoing independent audits. Security firms Hexens, PeckShield, and Seal 911 engaged.","source":"The Shib Daily","source_url":"https://news.shib.io/2025/09/23/shibarium-bridge-dev-commits-to-audits-in-4-phase-security-plan/"},{"date":"2025-09-24","event":"Shiba Inu team offers 50 ETH bounty (~$225,000) for voluntary return of stolen assets, expressing willingness to negotiate with the attacker.","source":"MEXC News","source_url":"https://www.mexc.co/en-PH/news/101881"},{"date":"2025-10-14","event":"Shibarium Plasma Bridge reopened for BONE token transfers following an independent audit by Hexens, with new security features including a seven-day mandatory withdrawal delay and address blacklisting.","source":"The Shib Daily","source_url":"https://news.shib.io/2025/10/14/shiba-inu-rolls-out-stronger-shibarium-bridge-with-new-security-features/"},{"date":"2025-10-15","event":"Reports confirm hack victims still face delays in receiving restitution despite the bridge's partial reopening, with the team pledging refunds through ecosystem reserves.","source":"The Crypto Basic","source_url":"https://thecryptobasic.com/2025/10/15/shiba-inu-reopens-shibarium-bridge-but-hack-victims-still-face-repayment-delay/"}]},"v":1}