- Shiba Inu dev team partners with K9 Finance to create 50 ETH bounty program
- Attacker must provide detailed whitepaper disclosure and stop moving stolen tokens
- September 12 exploit drained $4.1 million across 17 different cryptocurrencies
The Shiba Inu ecosystem team has launched a bounty program offering attackers 50 ETH ($229,000) to return assets stolen during the September 12 Shibarium bridge exploit.
The initiative, created in partnership with K9 Finance, places the reward in a dedicated escrow contract while establishing specific conditions for payout.
The bounty requires attackers to prepare a comprehensive whitepaper disclosure detailing the complete exploit methodology. This documentation must include information about validator access methods, scripts and tools utilized, involved wallet addresses, transaction hashes, and prevention recommendations for future security improvements.
Flash Loan Attack Compromised Validator Network
The team’s updated analysis reveals that attackers executed a flash loan swap to acquire 4.6 million BONE tokens from ShibaSwap. These tokens were then delegated to Ryoshi Validator 1, granting the attackers more than two-thirds of validator voting power within the network’s consensus mechanism.
Using compromised internal validator keys, the attackers signed malicious state transitions that enabled the $4.1 million bridge drainage. On-chain records show theft of 17 different token types, including $1 million in ETH, $1.3 million in SHIB, $717,000 in KNINE, $680,000 in LEASH, and $260,000 in ROAR tokens.
The attackers have only liquidated their USDT and USDC holdings by converting them to ETH. They attempted seven unsuccessful sales of $700,000 worth of KNINE tokens before K9 Finance blocked the associated wallet addresses. The remaining stolen assets remain distributed across more than eight separate wallets.
Additional bounty conditions require attackers to cease moving compromised tokens immediately. Upon asset return and report verification, the escrow contract will release the 50 ETH reward to designated attacker wallets. The team has committed to avoiding legal action against compliant attackers, provided such waivers remain within legal boundaries.
However, the main bounty excludes KNINE tokens, which K9 Finance has already secured through separate measures. K9 Finance has issued its own 5 ETH bounty for KNINE token return after freezing over $700,000 worth of these assets.