Shibarium Bridge Falls Victim To $2.4 Million Drain Attack – Details

Shibarium, the Ethereum-based Layer 2 scaling solution built around the Shiba Inu ecosystem, has suffered a major security breach, leading to the loss of about $2.4 million in assets. The drain attack has since prompted intense immediate emergency responses.

Hacker Uses Bridge Funds To Seize 4.6M BONE

In an X post on September 13, the development team behind the Shiba Inu (SHIB) token revealed that a hacker leveraged funds from an earlier bridge hack to acquire 4.6 million BONE tokens in a single block, mimicking a flash loan-style transaction. This maneuver temporarily granted the malicious actor significant validator voting power to sign a malicious state on the Shibarium network, where BONE functions as the governance token.

Notably, the flash loan-like transactions were settled using assets transferred directly from the bridge in the form of 224.57 Ethereum (ETH) ($1.05 million) and 92.6 billion SHIB ($1.30 million). However, the BONE tokens remain locked with validators due to staking mechanisms, preventing the attacker from withdrawing them immediately.

Nevertheless, the validator compromise highlighted a critical issue for the Ethereum layer 2 solution. The Shiba Inu team notes that evidence suggests that 10 of 12 validators’ signing keys were breached, leaving only K9 Finance and Unification validators resisting the malicious signing attempt.

In addition, other assets, including LEASH ($645,000), ROAR ($284,000), TREAT ($50,000), BAD ($17,000), and SHIFU ($10,000), were also drained but have not been sold. Meanwhile, the hacker’s attempt to offload approximately $700,000 worth of stolen KNINE tokens was thwarted after the K9 Finance DAO multisig blacklisted their address, effectively freezing 248 billion KNINE permanently.

Shibarium Team Shares Security Response And Next Steps

In the immediate aftermath, the Shiba Inu team has halted staking and unstaking functions to safeguard community assets. Meanwhile, stake manager funds were also moved from proxy contracts into a secure 6-of-9 hardware multisig wallet. In addition, Blockchain security teams such as Hexens, Seal911, and PeckShield have also been onboarded to conduct a forensic investigation into the breach.

In other developments, Shiba Inu developer with X username Kaal Dhairya confirmed that while damage control and investigations are underway, the team is open to negotiating with the hacker, offering leniency and even a potential small bounty should the stolen assets be returned.

Following the hack, the Shibarium ecosystem tokens have varying degrees of a negative price reaction. Notably, the Shiba Inu (SHIB) trades at 0.000014 following a slight 1.67% decline in the last day. Meanwhile, LEASH and BONE are down by 5.69% and 21.98% respectively, within the same period.