- Shiba Inu has launched a 50 ETH bounty program to recover millions in stolen Shibarium funds.
- The attacker must return all stolen tokens and submit a detailed whitehat disclosure report to claim the 50 ETH reward.
- The September 12 exploit drained $4.1 million after the hacker gained control of Shibarium validator keys using 4.6 million BONE.
The Shiba Inu ecosystem team has unveiled a 50 ETH ($229,000) bounty program to recover millions in tokens stolen during the September 12 Shibarium bridge exploit.
Partnering with K9 Finance, the team placed the reward in a dedicated escrow contract for the attacker, on the condition that all stolen tokens are returned to a specified recovery wallet.
The bounty covers assets including SHIB, ETH, LEASH, xFUND, Treat, FUND, DAI, WBTC, Bad Idea AI, ROAR, USDC, LTD, USDT, Shifu, and OSCAR. KNINE tokens are excluded as K9 Finance has already secured those holdings.
Conditions for the Shiba Inu Hacker
To claim the bounty, the attacker must not only return the stolen tokens but also provide a full whitehat disclosure report. The document must explain the exploit method, including how validator access was gained, the tools and scripts used, related addresses and transaction hashes, and recommended prevention steps.
If the attacker complies and ceases moving the compromised tokens, the Shiba Inu team promises to release the 50 ETH reward and issue a legal waiver where permitted by law. Separately, K9 Finance has offered a 5 ETH bounty for the frozen KNINE tokens worth more than $700,000.
Details of the Shibarium Exploit
According to the updated investigation, the hacker initiated a flash loan swap to purchase 4.6 million BONE from ShibaSwap. These tokens were delegated to Ryoshi Validator 1, giving the attacker over two-thirds of validator voting power. Using compromised validator keys, they signed a malicious state and drained $4.1 million from the bridge.
On-chain records show theft of 17 different tokens, including $1 million in ETH, $1.3 million in SHIB, $717,000 in KNINE, $680,000 in LEASH, and $260,000 in ROAR. Only the stolen USDT and USDC were converted to ETH before K9 Finance blocked attempts to offload $700,000 worth of KNINE.
Security Response and Next Steps
Developers believe the breach stemmed from compromised Shibarium validator keys, possibly through a developer’s machine or the server’s key management system.
In response, bridge operations were suspended, root chain manager access was revoked, and extra safeguards were added to the plasma bridge to prevent further withdrawals.
The Shiba Inu team pledged to strengthen internal security practices and enhance monitoring and alerts. A full post-mortem report will be published once the forensic analysis is complete, building on early findings from Tikkala Security and Pulse Digital that highlighted governance flaws and leaked keys.
Related: Shiba Inu Team Pushes ETF Case, Eyes Shibarium Growth and BONE Demand
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
Source: https://coinedition.com/shibarium-bridge-exploit-50-eth-bounty/