Axelar Issues Statement on Security Incident: Axelar and IBC Unaffected, Vulnerability Originates from "Infinite Mint" Issue in Third-Party Token Contract

Odaily Planet Daily News: Cross-chain protocol Axelar Network has issued a statement regarding the recent security incident related to Secret Network, clarifying that there is a misunderstanding within the community. Neither Axelar nor the Inter-Blockchain Communication Protocol (IBC) was attacked or compromised. The affected token smart contract was not developed, deployed, or maintained by Axelar. Furthermore, Axelar's firewall mechanism prevented the impact from spreading to other chains.

It is reported that the exploited contract was a fork based on the CW20-ICS20 implementation, but the developers removed two core security checks, leading to an "infinite mint" vulnerability. By deleting the verification mechanisms originally designed to prevent such issues, this fork altered the contract's original trust model and was not subjected to a new security audit.

Axelar Network explained that anyone can deploy contracts via IBC for wrapping cross-chain assets, and similar contracts are used to wrap tokens from other chains onto Secret Network. However, the specific fork on the Secret side in this incident contained a vulnerability due to the removal of critical security checks. This incident was not caused by an inherent logic flaw or an issue with the IBC protocol itself, but rather a security risk introduced by modifications made to the third-party contract.