Secret Network bridge exploited for $4.7M with ‘infinite mint’ bug

The Secret Network bridge was exploited for $4.7 million due to an "infinite mint" bug that remained undetected for approximately one week. The attacker successfully transferred the stolen funds to the Ethereum network before moving them to cryptocurrency exchanges. This vulnerability allowed the hacker to arbitrarily mint an unlimited supply of the bridge's native token, Secret (SEFI), which was then swapped for other cryptocurrencies. The exploit was first identified on March 13, 2024, by blockchain security firm PeckShield. The attacker reportedly began moving funds out of the bridge shortly after the exploit, with a significant portion of the stolen assets being routed through the decentralized exchange Uniswap on Ethereum. The Secret Network team has acknowledged the incident and is investigating the full extent of the breach and its impact on users. This event highlights ongoing security challenges within the decentralized finance (DeFi) ecosystem, particularly concerning cross-chain bridges which are frequent targets for malicious actors.