Secret Network’s bridge to Axelar suffered a catastrophic exploit — approximately $4.67 million was drained, and nobody noticed for seven whole days.
The attack exploited a vulnerability in the bridge’s infinite mint mechanism, allowing the attacker to generate tokens at will. By the time the Secret Network team discovered the breach, the damage was already done.
Here’s where it gets frustrating: about $770,000 of the stolen funds is still sitting in an Axelar wallet that the attacker hasn’t touched. Secretariat Network asked Axelar to freeze those funds, but Axelar declined. So the money just sits there, visible to anyone watching, completely untouchable by the team that lost it.
A week-long detection gap in a major bridge is embarrassing but not unusual. Cross-chain bridges are notoriously difficult to monitor because they span multiple ecosystems simultaneously. Each chain has its own monitoring tools, and the glue between them often falls through the cracks.
Secret Network, which focuses on privacy-preserving smart contracts, now faces tough questions about its security posture. A platform built on the premise of trust and privacy just left a hole in its infrastructure big enough to drive millions through.
This incident also highlights a broader problem in crypto: the lack of enforceable accountability when exploits happen on decentralized bridges. Axelar’s refusal to freeze funds isn’t malicious — it’s just how decentralized systems work. Nobody has the unilateral power to act, which is great for censorship resistance and terrible for incident response.
Users who had assets locked in the Secret Network-Axelar bridge are left in limbo, hoping the team can negotiate some form of recovery or compensation. That $770K sitting in limbo might serve as a small consolation, but it’s a fraction of the total loss.
The takeaway: Cross-chain bridges remain one of the weakest links in crypto infrastructure. Until monitoring and emergency response mechanisms catch up, expect more incidents like this.
Source: The Block
