{"id":10690,"date":"2025-09-14T19:12:08","date_gmt":"2025-09-14T19:12:08","guid":{"rendered":"https:\/\/bitunikey.com\/news\/shibarium-bridge-exploited-2-4m-lost-in-complex-flash-loan-attack\/"},"modified":"2025-09-14T19:12:34","modified_gmt":"2025-09-14T19:12:34","slug":"shibarium-bridge-exploited-2-4m-lost-in-complex-flash-loan-attack","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/shibarium-bridge-exploited-2-4m-lost-in-complex-flash-loan-attack\/","title":{"rendered":"Shibarium bridge exploited, $2.4m lost in complex flash loan attack\u00a0"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">Shiba Inu\u2019s Shibarium bridge suffered a $2.4 million flash loan attack on Friday, giving the exploiter control of 10 of 12 validator keys and allowing them to drain ETH and SHIB tokens from the network. <\/p>\n<p class=\"is-style-default\">Developers quickly paused certain functions, secured remaining funds in a multisig hardware wallet, and are working with security firms to investigate the breach, which underscores the growing risk facing cross-chain bridges in DeFi.<\/p>\n<div id=\"cn-block-summary-block_c681eb568529ae50441f20bb3dff62ea\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Shibarium bridge hacked, $2.4m in ETH and SHIB drained via flash loan exploit<\/li>\n<li>Hacker used 4.6m BONE loan, gained validator control, drained bridge contract<\/li>\n<li>Devs paused network, secured funds in multisig, and work with security firms<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>The exploit forced Shiba Inu (SHIB) developers to halt certain network activities while they assessed the damage.<\/p>\n<p>The attacker borrowed 4.6 million BONE (BONE) tokens through a flash loan and gained access to 10 of 12 validator signing keys securing the network.<\/p>\n<p>This gave the exploiter a two-thirds majority stake and allowed them to drain approximately 224.57 ETH (ETH) and 92.6 billion SHIB from the bridge contract before transferring the funds to their own address.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<h3 class=\"wp-block-heading\">Shiba Inu dev: Attack was planned for months<\/h3>\n<p>Shiba Inu developer Kaal Dhairya <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/kaaldhairya\/status\/1966758608940515671\" target=\"_blank\" rel=\"nofollow\">described<\/a> the incident as a \u201csophisticated\u201d attack that was \u201cprobably planned for months.\u201d <\/p>\n<p>The attacker used their privileged position to sign malicious state changes and extract assets from the bridge infrastructure.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">\ud83d\udea8 Shibarium Bridge Security Update \ud83d\udea8<\/p>\n<p>Earlier today, a sophisticated ( probably planned for months ) attack was carried out using a flash loan to purchase 4.6M BONE. The attacker gained access to validator signing keys, achieved majority validator power, and signed a malicious\u2026<\/p>\n<p>\u2014 Kaal (@kaaldhairya) <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/twitter.com\/kaaldhairya\/status\/1966758608940515671?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"nofollow\">September 13, 2025<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>The Shibarium team moved quickly to contain the breach, pausing stake and unstake functionality as a precautionary measure.<\/p>\n<p>They transferred stake manager funds from the proxy contract into a hardware wallet controlled by a trusted 6-of-9 multisig setup.<\/p>\n<p>The borrowed BONE tokens used in the attack remain locked in Validator 1 due to unstaking delays. This allows developers to freeze those funds. This delay mechanism may prevent the attacker from fully profiting from their exploit.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<h3 class=\"wp-block-heading\">Shibarium is under damage control mode<\/h3>\n<p>Developer Dhairya noted they are currently in \u201cdamage control mode\u201d and haven\u2019t decided whether the breach originated from a compromised server or developer machine. The team is working with security firms Hexens, Seal 911, and PeckShield to investigate the incident.<\/p>\n<p>Authorities have been contacted about the attack, but the team remains open to negotiations. They offered not to press charges if the funds are returned and indicated willingness to pay a small bounty for the assets\u2019 recovery.<\/p>\n<p>Cross-chain bridges have become prime targets for hackers due to their complex security models and large fund pools. The Shibarium incident joins a growing list of bridge exploits that have cost the DeFi ecosystem billions in losses.<\/p>\n<p>The team plans to restore stake manager funds once secure key transfers are completed and validator control integrity is verified.<\/p>\n<p>Full network functionality will resume only after confirming the extent of any validator key compromise and implementing additional security measures.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<\/p><\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Shiba Inu\u2019s Shibarium bridge suffered a $2.4 million flash loan attack on Friday, giving the exploiter control of 10 of 12 validator keys and allowing them to drain ETH and&hellip;<\/p>\n","protected":false},"author":1,"featured_media":9892,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-10690","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/10690","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=10690"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/10690\/revisions"}],"predecessor-version":[{"id":10691,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/10690\/revisions\/10691"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/9892"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=10690"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=10690"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=10690"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}