Key Takeaways
The Shibarium bridge suffered a $2.4 million flash loan attack, compromising 10 of 12 validators, draining ETH and SHIB.
On the 13th of September, the Shibarium bridge, a key link between Shiba Inu [SHIB]’s Layer 2 network and Ethereum [ETH], was hit by a flash loan attack.
The exploit drained nearly millions, forcing Shiba Inu developers to swiftly restrict certain network activities as they worked to contain the fallout.
Remarking on the same, Shiba Inu’s official X (formerly Twitter) account noted,
“We are aware of the activity flagged by @peckshield and have engaged our internal team and external security partners to investigate thoroughly.”
Details of the exploit
The attacker executed a sophisticated flash loan-style attack on Shibarium, leveraging stolen bridge funds to manipulate the network’s consensus.
Within a single block, they used the siphoned assets to purchase 4.6 million BONE tokens, temporarily gaining validator voting power.
This move let them sign a malicious state on the network before repaying the loan with assets drained from the bridge, specifically 224.57 ETH and 92.6 billion SHIB.
The plot twist
Although the attacker stole these funds, the BONE tokens remain locked because validators still hold them, preventing immediate liquidation.
Further investigation revealed that the breach extended beyond the bridge, compromising 10 of 12 validator signing keys, while only K9 Finance and UnificationUND refused to validate the fraudulent state.
The attacker relied on the flash loan purchase to achieve the necessary two-thirds majority; without it, the exploit would have failed.
They drained ETH and SHIB and attempted to liquidate $700,000 in KNINE tokens, but K9 Finance DAO blocked the attempt.
Other tokens, including LEASH, ROAR, TREAT, BAD, and SHIFU, were untouched, though their future remained uncertain amid rising security concerns.
Steps taken by Shibarium’s developers
Soon after the exploit, Shibarium’s developers acted swiftly to contain the damage and protect community assets.
They paused staking and unstaking functions to prevent further vulnerabilities from being exploited.
The team transferred funds from proxy contracts to a more secure 6-of-9 hardware multisig wallet, ensuring that no single party could move assets unilaterally.
To strengthen the investigation, they partnered with leading blockchain security firms Hexens, Seal911, and PeckShield, tasking them with conducting a comprehensive forensic review of the breach.
Developers are now securing validator key transfers, confirming Shibarium’s integrity, protecting user assets, and coordinating with partners to freeze attacker-linked wallets.
Impact on BONE and SHIB
On the price front, the Shibarium exploit pushed BONE to surge sharply to $0.294 before it retraced to $0.2057. This marked a 12% daily drop, according to CoinMarketCap.
SHIB also slipped slightly, falling 1.01% to $0.00001393.
AMBCrypto’s recent analysis showed that SHIB still held above a key demand zone. However, the weekly chart indicated that bears may be regaining control.
With volatility mounting and investor confidence shaken, the community now faces a critical test. Can Shiba Inu’s developers restore stability before further sell-offs take hold?
