Secret Network Bridge Hit by Infinite Mint Bug, $4.7M Drained in Week-Long Exploit
By Mag-Info Tech editorial · 2026-06-22

A vulnerability in a cross-chain bridge on Secret Network allowed an attacker to create tokens without backing, drain roughly $4.7 million in assets, and move the funds through Ethereum into exchanges, all within a week before the exploit was detected. The bug, described as an “infinite mint” flaw, stemmed from a missing check in a smart contract that wrapped assets from Axelar, a decentralized interoperability network. Once the flaw was triggered, the attacker could generate mirrored tokens on Secret Network that were not backed by real reserves, then redeem them for legitimate assets held in escrow. The attack highlights the continuing risk of bridge-level vulnerabilities even as privacy-focused blockchains and interoperability protocols expand.
How the Infinite Mint Bug Worked
The exploit centered on Axelar’s wrapped assets on Secret Network, known as saTokens (e.g., saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, sawstETH). These tokens are meant to represent assets bridged from other chains and held in escrow on Axelar. Under normal operation, when a user deposits an asset via Axelar, the protocol mints the corresponding saToken on Secret Network and locks the original asset in escrow. The reverse process burns the saToken and releases the original asset.
According to a blockchain research report, the attacker exploited a missing verification step in the contract logic. The smart contract responsible for minting saTokens did not confirm that incoming deposits originated from a legitimate Axelar channel. Instead, it accepted any deposit and minted new tokens. By forging deposits over a channel they controlled, the attacker caused the contract to mint genuine saTokens without any underlying assets being locked. These newly minted tokens were then transferred or redeemed normally, draining the real assets held in escrow.
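The missing check can be shown with a small model. This is an added example, not the bridge's actual contract code: the channel id, class names and deposit fields are hypothetical, and the sample deposits are constructed.

```python
from dataclasses import dataclass, field

TRUSTED_CHANNEL = "channel-axelar"  # hypothetical id of the real Axelar channel


@dataclass(frozen=True)
class Deposit:
    channel: str    # channel the deposit message arrived on
    denom: str      # asset the message claims to carry, e.g. "USDC"
    amount: int
    recipient: str


@dataclass
class WrapContract:
    check_channel: bool                            # False models the flawed logic
    balances: dict = field(default_factory=dict)   # (holder, token) -> amount
    supply: dict = field(default_factory=dict)     # token -> total minted

    def on_deposit(self, dep: Deposit) -> str:
        """Mint the wrapped token for a deposit and return the token name."""
        # The missing verification: only the trusted channel implies that the
        # original asset was actually locked in escrow.
        if self.check_channel and dep.channel != TRUSTED_CHANNEL:
            raise PermissionError(f"untrusted channel {dep.channel!r}")
        token = "sa" + dep.denom
        key = (dep.recipient, token)
        self.balances[key] = self.balances.get(key, 0) + dep.amount
        self.supply[token] = self.supply.get(token, 0) + dep.amount
        return token


def minted_supply(check_channel: bool, deposits) -> dict:
    """Replay deposits against a fresh contract; rejected ones mint nothing."""
    contract = WrapContract(check_channel)
    for dep in deposits:
        try:
            contract.on_deposit(dep)
        except PermissionError:
            pass
    return contract.supply


# Constructed sample: one genuine deposit, one sent over an unrelated channel.
SAMPLE = [
    Deposit(TRUSTED_CHANNEL, "USDC", 1_000, "user-a"),
    Deposit("channel-other", "USDC", 1_000_000, "user-b"),
]
```

With the check disabled, both deposits mint saUSDC and the supply no longer matches what is in escrow; with it enabled, only the deposit from the trusted channel mints.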
The vulnerability remained undetected for seven days after the initial exploit on June 10. The breach was only noticed on June 17 when a cross-chain transaction failed with an “insufficient funds” error in the drained account. This triggered an investigation that revealed the drained escrow and the forged minting activity.
The Attacker’s Route: From Secret to Ethereum to Exchanges
After minting unbacked saTokens, the attacker converted them into native assets on Secret Network and bridged them to Ethereum using a cross-chain route. Once on Ethereum, the stolen funds were swapped into Ether (ETH), simplifying the transfer process and reducing traceability through a single asset type.

The proceeds were then split across approximately 30 wallets, a common tactic to obscure the flow of funds. From these wallets, the attacker deposited portions of the stolen ETH into multiple centralized exchanges, including KuCoin, ChangeNow, and HitBTC. This distribution strategy suggests the attacker aimed to convert liquid crypto into fiat or stable assets while minimizing the risk of a single exchange freezing the funds.
Notably, the attacker did not attempt to launder the funds through privacy-focused protocols such as Tornado Cash, which is often used in larger crypto heists. The direct movement to exchanges indicates either a preference for speed or confidence that the exchanges would not flag the incoming funds as suspicious at the time. The use of centralized venues also makes recovery more difficult, as exchanges typically require legal process and identification to freeze or reverse transactions.
Implications for Privacy Chains and Cross-Chain Bridges
The Secret Network exploit underscores the persistent risks in cross-chain interoperability, especially for privacy-focused blockchains that rely on wrapped assets for liquidity. Secret Network’s design prioritizes confidentiality via encrypted smart contracts, but this incident shows that confidentiality does not eliminate systemic risks in bridge contracts. The infinite mint bug is a classic smart contract vulnerability—an authorization or validation flaw—that allows unauthorized token creation. Similar bugs have caused multi-million-dollar losses in other bridges, including Nomad and Wormhole.
For users, the key takeaway is that wrapped tokens on any chain are only as secure as the bridge contract and the escrow mechanism behind them. In this case, Secret Network’s announcement urged holders of Axelar-bridged saTokens to be aware that their tokens’ backing was affected and that funds may be at risk. This is a rare but critical warning: when a bridge is exploited, the wrapped tokens on the destination chain may become unbacked, effectively worthless, even if the underlying protocol claims otherwise. Users holding such tokens should monitor official channels for updates and consider withdrawing or swapping them if advised.
For developers and validators, the exploit highlights the need for rigorous audits of bridge contracts, especially those involving interoperability between ecosystems. Formal verification, multi-signature controls, and real-time monitoring of escrow balances can help detect anomalies early. The seven-day delay in detection suggests that current monitoring practices may not be sufficient for detecting sophisticated or slow-moving exploits. Integrating anomaly detection tools that flag unusual minting or redemption patterns could reduce detection time and limit losses.
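One form such monitoring can take is a backing invariant: the wrapped supply of an asset must never exceed the amount held in escrow for it. The sketch below is an added example, not tooling from Secret Network or Axelar; the event names and the event stream are constructed for illustration.

```python
from collections import defaultdict

# Constructed event stream (day, kind, asset, amount); not data from the incident.
EVENTS = [
    (1, "lock",    "USDC", 5_000),   # asset locked in escrow on the source side
    (1, "mint",    "USDC", 5_000),   # matching wrapped mint
    (2, "burn",    "USDC", 1_000),
    (2, "release", "USDC", 1_000),
    (3, "mint",    "USDC", 4_000),   # mint with no matching lock
    (4, "burn",    "USDC", 4_000),
    (4, "release", "USDC", 4_000),   # escrow paid out against unbacked tokens
    (9, "burn",    "USDC", 4_000),
    (9, "release", "USDC", 4_000),   # escrow is empty: the "insufficient funds" case
]


def check_backing(events):
    """Replay events and return alerts where wrapped supply exceeds escrow."""
    escrow = defaultdict(int)
    supply = defaultdict(int)
    alerts = []
    for day, kind, asset, amount in events:
        if kind == "lock":
            escrow[asset] += amount
        elif kind == "release":
            if amount > escrow[asset]:
                alerts.append((day, asset, "release exceeds escrow"))
                continue
            escrow[asset] -= amount
        elif kind == "mint":
            supply[asset] += amount
        elif kind == "burn":
            supply[asset] -= amount
        else:
            raise ValueError(f"unknown event kind {kind!r}")
        # Invariant: every wrapped unit in circulation is backed by escrow.
        if supply[asset] > escrow[asset]:
            gap = supply[asset] - escrow[asset]
            alerts.append((day, asset, f"unbacked supply {gap}"))
    return alerts
```

On this stream the invariant fires at the unbacked mint on day 3, well before the failed release on day 9 that corresponds to the kind of error that exposed the real exploit.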
Regulatory and Exchange Response Trends
The movement of stolen funds directly into centralized exchanges is increasingly common in crypto exploits, and it has drawn attention from regulators and compliance teams. Exchanges are under pressure to improve know-your-customer (KYC) and anti-money-laundering (AML) controls, particularly for large or rapid deposits. Some exchanges have implemented real-time transaction monitoring and risk scoring to flag deposits linked to known exploit addresses. However, the attacker’s use of multiple wallets and exchanges shows that gaps remain, especially when funds are converted quickly into ETH and spread across venues.









This incident occurs amid a broader wave of bridge exploits in June 2026, with at least 22 reported hacks totaling tens of millions of dollars. Among the largest were the Humanity Protocol and Syscoin Bridge incidents, which lost $32 million and $8 million respectively. The clustering of high-value exploits in a short period suggests that attackers may be targeting bridge vulnerabilities systematically, possibly leveraging automated tools to scan for similar flaws across interoperability protocols. This trend increases the urgency for cross-chain protocols to adopt shared security standards and threat intelligence sharing.
What Users Should Do Now
If you held Axelar-wrapped saTokens on Secret Network—such as saUSDT, saUSDC, saDAI, saWETH, saWBTC, saWBNB, or sawstETH—you should treat those tokens as potentially unbacked. The Secret Network team has advised users to be aware that their funds may be lost. The safest course is to avoid transacting with these tokens until an official audit or recovery plan is announced. Do not assume that the tokens retain their peg or value.
For users on other chains who rely on wrapped assets via bridges, review recent security advisories from the bridge operators. Look for any mention of contract upgrades, audits, or warnings about token backing. Consider reducing exposure to wrapped tokens during periods of heightened bridge activity or after high-profile exploits. Diversifying liquidity across multiple bridges or using native assets when possible can reduce dependency on any single interoperability layer.
If you used Secret Network or Axelar recently, check your wallet for any unusual transactions. Use blockchain explorers to trace token movements and verify the current backing status of wrapped assets. Tools like Etherscan or Secret Analytics can help track the flow of funds from bridges to exchanges. If you find suspicious activity, report it to the relevant platform and consider revoking any unnecessary smart contract approvals to prevent further unauthorized transfers.
Broader Lessons for Blockchain Security
The infinite mint bug is a reminder that smart contract security is not just about code correctness—it is about economic incentives and real-world consequences. A single missing validation check can break the economic model of a bridge, turning trusted wrapped tokens into liabilities. Privacy chains add another layer of complexity: while encryption protects user data, it does not prevent contract-level exploits from propagating across chains. The combination of privacy and interoperability requires even stronger security practices, including public audits, bug bounties, and community monitoring.

Developers building on Secret Network or similar privacy-focused chains should prioritize transparency in security practices. Publishing audit reports, maintaining public disclosure channels, and engaging with external security researchers can help identify vulnerabilities before they are exploited. Validators and node operators should also monitor on-chain activity for unusual minting or burning patterns that could indicate a contract-level attack.
For the broader ecosystem, this incident reinforces the need for cross-chain security standards. Initiatives like the Interoperability Standards Working Group are pushing for common security models, but adoption remains uneven. Until such standards are widely implemented, users must remain vigilant, and developers must treat every bridge contract as a high-risk component of the infrastructure.
What to Watch Next
Over the coming weeks, expect an official post-mortem from Secret Network and Axelar detailing the root cause, the timeline of the exploit, and the steps being taken to prevent recurrence. Pay attention to whether the attacker’s funds are frozen or returned, as this could set a precedent for future bridge exploits. Also watch for changes in how exchanges handle deposits linked to exploited addresses—some may begin blacklisting or delaying withdrawals for such funds.
On the technical side, monitor for updates to Axelar’s bridge contracts and Secret Network’s interoperability modules. If a patch is released, users should verify that it has been applied before resuming activity. Additionally, keep an eye on regulatory responses. If authorities link the stolen funds to identifiable accounts on exchanges, they may issue subpoenas or sanctions, which could lead to frozen funds and increased transparency in fund recovery.
Finally, this exploit may accelerate interest in alternative interoperability solutions, such as light clients or zero-knowledge proofs, that reduce reliance on trusted bridges. Projects like zkBridge and similar ZK-based interoperability protocols are gaining traction for their ability to provide cryptographic guarantees without centralized escrow. If such solutions prove scalable and secure, they could become a preferred method for cross-chain transfers, especially in privacy-preserving contexts.
In summary, the Secret Network bridge exploit is a cautionary tale about the fragility of wrapped assets and the importance of rigorous contract validation. While privacy and interoperability expand what’s possible in decentralized finance, they also introduce new attack surfaces. Users must stay informed, developers must prioritize security, and the ecosystem must push for stronger standards to prevent the next infinite mint scenario.

