Shiba Inu’s layer-2 network, Shibarium, was impacted by a coordinated exploit where an attacker utilized a flash loan to take control of a validator, drain assets from its bridge, and initiate a temporary halt of staking operations.
The attacker acquired 4.6 million BONE, the governance token of Shiba Inu’s layer-2 network, through a flash loan. This allowed them to access validator signing keys and gain majority validator control.
Utilizing that power, the attacker signed a fraudulent network state and siphoned assets from the Shibarium bridge, connecting it to the Ethereum network.
As BONE remains staked and is subject to an unstaking delay, the funds are currently locked, providing developers a brief period to act and freeze the funds. Dhariya stated.
The Shibarium team has now suspended all staking and unstaking functionalities, transferred remaining funds to a hardware wallet secured by a 6-of-9 multisig arrangement, and initiated an internal investigation.
It remains uncertain if the breach resulted from a compromised server or a developer machine. While total losses have yet to be confirmed, transaction data indicates they are close to $3 million.
The team is collaborating with security firms and has informed law enforcement. Additionally, developers have proposed a peace offering to the attacker.
“Authorities have been contacted. However, we are open to negotiating in good faith with the attacker: if the funds are returned, we will not pursue any charges and are willing to consider a small bounty,” Dhariya mentioned.
The price of BONE surged immediately post-attack, at one point more than doubling in value, before adjustments brought it to a gain of around 40% since the exploit. SHIB has risen by over 8%.
Leave a Reply