Blockchain interoperability platform Axelar has confirmed a security breach that resulted in the theft of approximately $4.7 million in bridged assets connected to the Secret Network. The incident, disclosed on June 19, 2026, involved tokens transferred via the Cosmos Inter-Blockchain Communication (IBC) protocol and was limited to a specific smart contract on the Secret side.
According to Axelar, the problem stemmed from assets bridged from its network to Secret Network.
Early analysis showed the vulnerability was confined to the Secret-side ICS-20 smart contract used in the IBC connection. Axelar’s core protocol, other IBC routes, and native Secret tokens remained unaffected.
We have identified an incident affecting assets bridged over IBC to Secret Network from the Axelar chain, with approximately $4.67M worth of tokens taken. Based on current information, the issue is isolated to the Secret-side ICS-20 smart contract of the Cosmos IBC connection…
— Axelar Network (@axelar) June 19, 2026
No other integrations or chains faced compromise.
The exploit unfolded on June 10, 2026. An attacker reportedly created a fake Cosmos-based chain and established an unauthorized IBC channel to a modified CW20-ICS20 contract on Secret Network.
This contract, intended to wrap and manage Axelar-bridged assets as privacy-focused “saTokens,” contained a critical flaw: essential validation checks for the source channel of incoming IBC packets had been disabled or commented out.
By self-relaying forged deposit packets over the attacker-controlled channel, the contract minted large quantities of unbacked saTokens.
These included substantial amounts of wrapped stablecoins and other assets such as USDT, USDC, WETH, WBTC, DAI, WBNB, and wstETH.
The attacker then redeemed the fake tokens through the legitimate Axelar-Secret IBC channel, draining the corresponding real assets held in escrow on the Axelar side.
Axelar’s emergency committee responded swiftly by disabling the Secret and Secret-SNIP bridge connections to contain any further damage.
The team notified relevant exchanges and law enforcement agencies while initiating a full investigation.
Secret Network also paused related bridging activity. A detailed post-mortem report is expected once the analysis concludes.
The breach highlights persistent risks in cross-chain infrastructure, where even isolated contract issues can lead to significant losses.
Bridge-related exploits have accounted for a large share of DeFi security incidents in recent years.
In this case, the rapid isolation prevented wider contagion across Axelar’s ecosystem.
Users who had bridged assets via this route may face temporary restrictions on withdrawals until the connection is restored or alternative paths are established.
Axelar emphasized that the core network continues to operate normally and that the incident did not impact other supported chains or protocols.
The event serves as a reminder of the importance of rigorous auditing for IBC-enabled contracts, especially modified implementations handling wrapped assets. Both Axelar and security researchers have pointed to the need for stricter source-channel validation in such bridges to maintain the integrity of cross-chain transfers.