The Shibarium bridge, a layer-2 scaling solution for the Shiba Inu ecosystem, was recently targeted in a sophisticated flash loan attack that drained approximately $2.4 million, according to a report by Coinidol.com.
The attack exploited a vulnerability that allowed the hacker to gain temporary control over a majority of the network’s validators.
How the attack unfolded
The exploit began when the attacker used a flash loan to borrow 4.6 million BONE tokens, which are the governance tokens for the Shibarium network. This maneuver gave the attacker a two-thirds majority of the validator voting power. The maneuver is clearly visible on the BONE price chart (below). With this control, the attacker was able to approve a malicious transaction, draining assets including 224.57 ETH and 92.6 billion SHIB tokens from the bridge. These stolen funds were then used to repay the flash loan.
The attack affected both SHIB and BONE prices. Currently, SHIB is trading at $0.0000130 and BONE at $0.19336.
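For defenders, the pattern described above (borrowed stake lifting one party to two-thirds of validator voting power within a single block) can be checked for in staking event data. The following is an added example, not code from the report or from the Shibarium project: the event format, the function names and every stake figure other than the 4.6 million BONE and the two-thirds threshold are constructed assumptions.

```python
from collections import defaultdict
from fractions import Fraction

THRESHOLD = Fraction(2, 3)  # supermajority share named in the article

# Constructed sample data (assumed): only the 4.6M BONE figure is from the article.
BASELINE = {"val-a": 1_000_000, "val-b": 600_000, "val-c": 400_000}
EVENTS = [  # (block, staker, stake delta in BONE); negative = unstake
    (100, "val-a", 50_000),
    (101, "addr-x", 4_600_000),
    (101, "addr-x", -4_600_000),
    (102, "val-b", 100_000),
]

def share_of(stakes, staker):
    total = sum(stakes.values())
    return Fraction(stakes[staker], total) if total else Fraction(0)

def find_single_block_takeovers(baseline, events, threshold=THRESHOLD):
    """Flag blocks in which one staker's share rises from below to >= threshold."""
    stakes = defaultdict(int, baseline)
    by_block = defaultdict(list)
    for block, staker, delta in events:
        by_block[block].append((staker, delta))
    alerts = []
    for block in sorted(by_block):
        before = {s: share_of(stakes, s) for s in list(stakes)}
        peak = {}
        # Track the peak share inside the block: stake funded by a flash loan
        # can be withdrawn again before the block ends.
        for staker, delta in by_block[block]:
            stakes[staker] += delta
            share = share_of(stakes, staker)
            peak[staker] = max(peak.get(staker, Fraction(0)), share)
        for staker, top in peak.items():
            if before.get(staker, Fraction(0)) < threshold <= top:
                alerts.append({
                    "block": block,
                    "staker": staker,
                    "peak_share": top,
                    "unwound_in_block": share_of(stakes, staker) < threshold,
                })
    return alerts

if __name__ == "__main__":
    for alert in find_single_block_takeovers(BASELINE, EVENTS):
        print(alert["block"], alert["staker"], float(alert["peak_share"]))
```

An alert with `unwound_in_block` set means the supermajority existed only inside one block, which end-of-block stake snapshots would never show.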
Aftermath and response
Following the attack, the Shiba Inu team acted swiftly. They paused staking and unstaking functions to prevent further losses and secured the remaining funds in a multisig cold storage wallet. They also brought in blockchain security firms, including Hexens and PeckShield, to conduct a forensic investigation into the breach.
Additionally, a large amount of stolen K9 tokens, worth approximately $700,000, was rendered unsellable after the K9 Finance DAO blacklisted the hacker’s wallet address. This action effectively froze the tokens and prevented the attacker from cashing them out.
The Shiba Inu team has also indicated they are open to negotiating with the hacker, offering a potential bounty for the return of the stolen assets.
Bold attacks
Brazen attacks are becoming more frequent. Last week, Coinidol.com reported on the attack on the Venus Protocol. The incident began when hackers exploited a vulnerability, though the platform itself was not breached. The stolen funds were quickly identified, and the Venus community and development team mobilized to propose an emergency measure. Read the full story on how Venus Protocol successfully recovered the stolen millions.