Axelar responds to security incident: Axelar and IBC unaffected, vulnerability stems from "infinite mint" issue in third-party token contract

Odaily Planet Daily News, Cross-chain protocol Axelar Network issued a statement regarding the recent Secret Network security incident, explaining that the community has misunderstood the event. Neither Axelar nor the Inter-Blockchain Communication Protocol (IBC) were attacked or compromised. The affected token smart contract was not developed, deployed, or maintained by Axelar. Axelar's firewall mechanism also prevented the impact from spreading to other chains.

According to reports, the exploited contract was a forked version based on the CW20-ICS20 implementation, but the developer removed two core security checks, leading to an "infinite mint" vulnerability. Because the verification mechanisms originally designed to prevent such issues were deleted, this fork altered the original trust model of the contract without undergoing a new security audit.

Axelar Network explained that anyone can deploy contracts for wrapping cross-chain assets via IBC. Similar contracts are also used to wrap tokens from other chains onto Secret Network. However, the Secret-side fork version involved in this incident had a vulnerability due to the removal of key security checks. This incident was not caused by a specific logic flaw or an issue inherent to the IBC protocol itself, but rather a security risk introduced by modifications made to a third-party contract.