Shiba Inu’s layer-2 network, Shibarium, was hit by a coordinated exploit that saw an attacker use a flash loan to gain control over a validator, drain assets from its bridge and trigger a temporary shutdown of staking operations.
The attacker, according to Shibarium developer Kaal Dhariya, bought 4.6 million BONE, the governance token of Shiba Inu’s layer-2 network, using a flash loan. The attacker then gained access to validator signing keys to achieve the majority validator power.
With that power, the attacker signed a fraudulent network state and siphoned assets from the Shibarium bridge, which connects it to the Ethereum network.
Since the BONE is still staked and subject to an unstaking delay, the funds remain locked, giving developers a narrow window to respond and freeze the funds, Dhariya said.
The Shibarium team has now paused all stake and unstake functionality, moved remaining funds into a hardware wallet protected by a 6-of-9 multisig setup and launched an internal investigation.
It’s still unclear whether the breach stemmed from a compromised server or a developer machine. While total losses haven’t been advanced, transaction data suggests they’re near $3 million.
The team is working with security firms Hexens, Seal 911 and PeckShield, and has alerted law enforcement. But developers also extended a peace offering to the attacker.
“Authorities have been contacted. However, we are open to negotiating in good faith with the attacker: if the funds are returned, we will not press any charges and are willing to consider a small bounty,” Dhariya wrote on X.
The price of BONE jumped immediately after the attack and at one point saw its value more than double, before a correction saw it move to a gain of around 40% since the exploit. SHIB is up more than 8%.
#BONE #Price #Surges #Shibarium #Flash #Loan #Exploit