The Shibarium bridge, a key channel connecting the Shiba Inu Layer 2 network with Ethereum, was struck by a major security breach recently.
In a flash loan attack, an exploiter drained assets worth nearly $3 million, mainly in ETH and SHIB. Consequently, Shiba Inu developers took emergency steps to protect the network.
PeckShield Sounds the Alarm
Notably, the incident first came to light when blockchain security firm PeckShield flagged suspicious activity. The company posted on X that the Shibarium bridge contract had been compromised and tagged Shiba Inu’s lead developer, Shytoshi Kusama, urging him to review the unusual BONE tokens transfer.
Within hours, another lead developer, Kaal Dhairya, confirmed the exploit. He also assured the community that the team had already launched a detailed investigation.
Shiba Inu Exploiter Seized Validator Control
Initial findings revealed a carefully planned attack. The exploiter took out a flash loan of 4.6 million BONE, the gas token of Shibarium, from Shibaswap, the network’s native DEX. This allowed them to compromise 10 of the 12 validator signing keys that were securing the network. Controlling more than two-thirds of the keys gave the exploiter de facto authority over the bridge.
Armed with this control, the attacker drained 224.57 ETH and 92.6 billion SHIB from the Shibarium bridge contract. At current market prices, these stolen assets are worth around $2.4 million, which the exploiter then transferred to their own wallet.
Developers Freeze Staking Functions
To limit the damage, Shiba Inu ecosystem developers acted swiftly. They paused staking and unstaking functions on the network, effectively locking up the borrowed BONE tokens. This move prevented the exploiter from using their validator majority and stopped further misuse of network authority.
The attack also affected K9 Finance, a project that runs on Shibarium. The exploiter ended up holding a large volume of KNINE tokens worth approximately $700,000. Meanwhile, the K9 Finance DAO has blacklisted the wallet, making those tokens unsellable.
In addition, the investigators identified other tokens linked to the ecosystem, including LEASH and TREAT, as being at potential risk. However, at the time of writing, the exploiter has neither transferred nor liquidated these assets, and they remain untouched.
Shiba Inu Developer Calls It a Sophisticated Attack
Kaal Dhairya called the exploit “sophisticated” and suggested that hackers had likely worked on it for several months. In his statement on X, he confirmed that the Shiba Inu team had informed law enforcement. At the same time, he noted that the developers are open to offering a bounty if the attacker decides to return the stolen funds.
To strengthen the investigation and reinforce security, the Shiba Inu team has engaged multiple security partners, including PeckShield, Seal 911, and Hexens. Their role is to analyze the exploit and suggest measures to prevent similar incidents in the future.
Market Reacts with Volatility
The exploit caused sharp fluctuations across Shibarium-related tokens. BONE, the governance token directly linked to the breach, surged more than 122% in just one hour. Its price leapt from $0.166 to $0.37 on MEXC Global as traders reacted to the news.
However, the sharp rally did not last long, with BONE quickly retreating to about $0.19 as profit-taking and risk concerns set in.
Meanwhile, SHIB, the popular meme token that anchors the ecosystem, fell by more than 5% in the past 24 hours, dropping to around $0.00001319.
DisClamier: This content is informational and should not be considered financial advice. The views expressed in this article may include the author's personal opinions and do not reflect The Crypto Basic opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.
