Shibarium Bridge Suffers $2.4 Million Flash Loan Attack
The Shibarium bridge, linking Shiba Inu’s Layer 2 network to Ethereum (ETH), was hit by a flash loan attack on Friday. The attacker stole about $2.4 million in ETH and Shiba Inu (SHIB) tokens. Following the breach, developers paused staking and unstaking on the network to prevent further damage.
Details of the Attack
Shiba Inu developers explained that the attacker borrowed 4.6 million BONE tokens, Shibarium’s governance token, through a flash loan. This gave the attacker control over 10 of 12 validator keys, securing a two-thirds majority on the network.
Using this control, the attacker withdrew 224.57 ETH and 92.6 billion SHIB from the bridge. They also took KNINE tokens worth about $700,000 from K9 Finance. However, the K9 Finance DAO quickly blacklisted the attacker’s wallet, blocking any attempts to sell the stolen KNINE tokens.
Kaal Dhairya, a lead developer in the Shiba Inu ecosystem, called the attack “sophisticated (probably planned for months).” He confirmed that authorities have been notified and said the team may offer a bounty if the stolen funds are returned.
Developer Response and Security Measures
- The team paused staking and unstaking, which, given the existing unstaking delays, froze the borrowed BONE tokens.
- Stake manager funds were moved to a hardware wallet controlled by a trusted 6-of-9 multisig team for added security.
- Security firms Hexens, Seal 911, and PeckShield were hired to investigate the breach.
Dhairya noted that the breach’s source remains unclear. It is unknown whether a server or developer machine was compromised. The team is currently in “damage control mode.”
Market Reaction
The attack caused BONE’s price to spike from $0.165 to $0.294 within an hour, before settling near $0.202. It later dropped 5% to $0.19. SHIB rose 4.5% in the 24 hours after the attack but is now down 5%.
Shiba Inu developers assured the community that all stake manager funds will be fully restored once validator control is secured and key transfers are complete.