Secret Network’s Axelar Bridge Drained for $4.67 Million in Infinite Mint Exploit That Went Unnoticed for Seven Days

A critical vulnerability in Secret Network’s Axelar bridge allowed an attacker to mint unlimited wrapped tokens and siphon $4.67 million before anyone noticed. The exploit, which went undetected for a full seven days, raises urgent questions about cross-chain bridge security and the monitoring infrastructure protecting billions in user funds across decentralized finance.

What Happened: Anatomy of the Infinite Mint Exploit

The attack targeted the Axelar bridge connecting Secret Network — a privacy-focused Layer 1 blockchain — to the broader cross-chain ecosystem. The attacker exploited a vulnerability that allowed them to mint an effectively unlimited supply of wrapped tokens on Secret Network without depositing corresponding collateral on the source chain. This class of vulnerability, known as an “infinite mint exploit,” has been responsible for some of the largest bridge hacks in crypto history.

By minting unbacked wrapped assets, the attacker was able to redeem them for legitimate tokens on the other side of the bridge, effectively draining real value from the protocol’s reserves. The total damage amounted to approximately $4.67 million — a significant sum that underscores the persistent risks associated with cross-chain bridge infrastructure.

Attack vector: Infinite mint vulnerability in the Axelar bridge’s token minting logic on Secret Network
Total funds drained: Approximately $4.67 million
Duration undetected: Seven full days before the exploit was identified
Affected protocol: Secret Network’s integration with Axelar’s cross-chain messaging and bridging infrastructure

Why Did It Take Seven Days to Detect the Breach?

Perhaps more alarming than the exploit itself is the fact that it went completely unnoticed for an entire week. In a market where on-chain analytics firms, MEV bots, and blockchain monitors track transactions in real time, a seven-day detection gap represents a serious failure in security monitoring.

Secret Network’s privacy-preserving architecture likely played a role in the delayed detection. Unlike transparent blockchains such as Ethereum, where every transaction is publicly visible and easily auditable, Secret Network uses encrypted smart contracts (known as “secret contracts”) that shield transaction data by default. While this privacy is a core feature for users, it also means that anomalous activity — such as the sudden minting of millions of dollars in unbacked tokens — is far harder to spot through conventional on-chain monitoring tools.

This incident highlights a fundamental tension in blockchain design: the trade-off between user privacy and protocol transparency. Privacy chains offer critical protections against surveillance and front-running, but they also create blind spots that attackers can exploit with extended impunity. The lack of real-time alerting systems capable of operating within privacy-preserving environments is a gap the industry must urgently address.

Cross-Chain Bridges Remain Crypto’s Weakest Link

This exploit adds to a growing and deeply concerning list of bridge-related security incidents. Cross-chain bridges have consistently proven to be the most vulnerable components in the DeFi stack, with billions of dollars lost across numerous high-profile attacks in recent years.

Ronin Bridge (2022): $625 million stolen in one of the largest crypto hacks ever
Wormhole (2022): $320 million drained through a signature verification exploit
Nomad Bridge (2022): $190 million lost in a chaotic free-for-all exploit
Multichain (2023): Over $125 million moved under suspicious circumstances

Bridges are inherently complex because they must coordinate state and value across two or more independent blockchains, each with its own consensus mechanism, security model, and execution environment. The smart contracts governing token minting, locking, and redemption on each chain must remain perfectly synchronized — and any discrepancy in validation logic can become an attack surface. Axelar, which serves as a general-purpose cross-chain communication protocol, connects dozens of blockchains and processes significant volume, making any vulnerability in its integrations a high-stakes concern.

Vitalik Buterin himself has warned about the fundamental security limitations of cross-chain bridges, noting that they cannot inherit the full security guarantees of either chain they connect. This latest exploit serves as yet another data point validating those concerns.

Implications for Secret Network, Axelar, and the Broader DeFi Ecosystem

The fallout from this exploit will likely be felt across multiple fronts. For Secret Network, the incident raises questions about the robustness of its bridge integrations and whether additional safeguards — such as mint caps, rate limiting, or delayed finality checks — should have been in place to prevent or contain such an attack.

For Axelar, the exploit puts scrutiny on its security validation process for partner chain integrations. As a cross-chain protocol that positions itself as a secure and decentralized interoperability layer, any exploit involving its infrastructure erodes confidence among users and developers who rely on it to move assets safely across ecosystems.

The broader DeFi community should take several lessons from this incident:

Monitoring on privacy chains needs innovation: Privacy-preserving blockchains require purpose-built anomaly detection systems that can flag suspicious patterns without compromising user confidentiality
Bridge contracts need circuit breakers: Automated pause mechanisms triggered by unusual minting volumes or redemption patterns could have limited the damage
Audit coverage must extend to integrations: Smart contract audits often focus on individual protocols in isolation, but bridge exploits frequently occur at the seams between two systems
Time-delayed withdrawals can save millions: Implementing mandatory cooling periods for large bridge transactions gives security teams time to intervene before funds are irreversibly lost

Conclusion

The $4.67 million Secret Network–Axelar bridge exploit is a stark reminder that cross-chain infrastructure remains one of the most dangerous attack surfaces in decentralized finance. The fact that the infinite mint vulnerability went undetected for seven days amplifies the severity of the incident and exposes critical gaps in how the industry monitors privacy-focused blockchain environments.

As DeFi continues to mature and cross-chain interoperability becomes increasingly essential, protocols, developers, and users must demand higher security standards for bridge infrastructure. If you’re actively using cross-chain bridges, take time to review the security practices of the protocols you rely on. Diversify your exposure, avoid leaving large sums in bridge contracts unnecessarily, and stay informed about the latest security developments. In crypto, staying vigilant isn’t optional — it’s survival.

Original reporting by Zack Abrams via
TheBlock

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency investments carry significant risk. Always do your own research (DYOR) before making any investment decisions. We are not responsible for any financial losses incurred.