|

Shiba Inu’s Layer 2 Shibarium Targeted in Flash Loan Attack, Nearly $3M Drained

🚨

Shiba Inu’s Layer 2 community, Shibarium, got here beneath hearth on Friday after a coordinated flash mortgage assault exploited its bridge to Ethereum, draining practically $3 million in tokens and triggering an emergency developer response.

(*2*)

Key Takeaways:

  • Shibarium’s bridge was exploited in a flash mortgage assault, draining practically $3 million in ETH, SHIB, and KNINE tokens.
  • The attacker gained two-thirds validator management by flash-loaning 4.6M BONE, enabling them to finalize fraudulent checkpoints.
  • Developers paused staking and introduced in safety corporations, whereas hinting at a possible bounty provide if the funds are returned.

According to Shiba Inu developer Kaal Dhairya, the attacker used a flash mortgage to borrow 4.6 million BONE, the governance token of Shibarium, and managed to achieve entry to 10 out of 12 validator signing keys.

That management gave them the two-thirds consensus required to finalize fraudulent checkpoints on the community’s consensus layer, Heimdall.

Shibarium Attacker Drains $2.4M in ETH and SHIB

With majority management in place, the attacker proceeded to empty round 224.57 ETH and 92.6 billion SHIB tokens from the Shibarium bridge contract, collectively price roughly $2.4 million on the time.

An additional $700,000 in KNINE tokens tied to K9 Finance had been additionally impacted. However, K9 Finance’s DAO moved swiftly to blacklist the attacker’s deal with, rendering the KNINE tokens unsellable.

In response to the breach, Shibarium builders halted staking and unstaking throughout the community.

Because the attacker’s borrowed BONE tokens stay topic to an unstaking delay, builders had been in a position to freeze the place earlier than full exit, successfully locking the attacker out of validator management in the intervening time.

Dhairya described the exploit as “refined” and advised it was possible “deliberate for months.”

He confirmed that legislation enforcement has been contacted and that safety corporations Hexens, Seal 911, and PeckShield at the moment are concerned in the investigation.

He additionally left the door open to negotiations, stating that if the attacker returns the funds, a bounty may be thought of in lieu of authorized motion.

Community researcher Zilayo on X supplied a technical breakdown of the incident, pointing to suspicious validator conduct tied to Ryoshi Labs.

The fraudulent checkpoint was signed by 10 validators who managed round 40% of the stake.

Once the attacker delegated the flash-loaned BONE to Ryoshi’s validator, the weighted stake surpassed 66%, enabling a full consensus takeover.

The worth of BONE spiked in the speedy aftermath of the assault, briefly rising from $0.165 to $0.294 earlier than settling again round $0.202.

SHIB, in the meantime, is up 4.5% in the previous 24 hours, pushed in half by renewed consideration following the breach.

Bitcoin Hacks, Thefts Cost Investors $2.2B in H1 2025: CertiK

Crypto traders lost over $2.2 billion to hacks, scams, and breaches in the primary half of 2025, pushed largely by pockets compromises and phishing assaults, in accordance with CertiK’s newest safety report.

Wallet breaches alone brought about $1.7 billion in losses throughout simply 34 incidents, whereas phishing scams accounted for over $410 million throughout 132 assaults.

Two main incidents, together with Bybit’s $1.5 billion hack in February and Cetus Protocol’s $225 million exploit in May, skewed the 12 months’s losses upward, collectively accounting for practically $1.78 billion.

Without these, losses align extra carefully with earlier years at round $690 million.

Ethereum remained the first goal, struggling over $1.6 billion in losses throughout 175 occasions.

The submit Shiba Inu’s Layer 2 Shibarium Targeted in Flash Loan Attack, Nearly $3M Drained appeared first on Cryptonews.

Similar Posts