The Shibarium bridge, connecting the Shiba Inu Layer 2 network to Ethereum, was targeted in a flash loan attack resulting in a loss of approximately $2.4 million.
How the Attack Happened
Shiba Inu developers reported that the attacker borrowed 4.6 million BONE tokens using a flash loan, allowing them to gain control of 10 out of 12 validator keys, effectively giving them a two-thirds majority on the network.
The attacker then drained 224.57 ETH and 92.6 billion SHIB from the bridge into their own wallet. Additionally, they seized KNINE tokens valued at around $700,000 from K9 Finance. Attempts to sell these tokens were thwarted when the K9 Finance DAO blacklisted the attacker’s wallet, rendering the tokens unsellable.
Developer Response
The Shiba Inu team swiftly acted to prevent further losses:
* They paused staking and unstaking operations, freezing the borrowed BONE tokens which already faced an unstaking delay. * The stake manager funds were moved into a hardware wallet managed by a trusted 6-out-of-9 multisig team for enhanced security. * Security firms Hexens, Seal 911, and PeckShield were brought in to investigate the breach.
Kaal Dhairya, a lead developer in the Shiba Inu ecosystem, mentioned that the source of the breach remains unclear.
Market Impact
The attack caused the price of BONE to spike from $0.165 to $0.294 within an hour before stabilizing around $0.202, and is currently down by 5% at $0.19. SHIB saw a 4.5% increase over the last 24 hours but is presently down by 5% as well.
Shiba Inu developers informed the community that once they confirm validator control is secure and complete the key transfers, all stake manager funds will be fully restored.
The attack on the Shibarium bridge highlights vulnerabilities in blockchain systems and the need for enhanced security. The Shiba Inu team is working diligently on recovery and prevention of future attacks.
