Syndicate Labs Suffers Private Key Leak Attack, Cross-Chain Bridge Maliciously Upgraded Resulting in Transfer of Approximately 18.5 Million SYND

Odaily reported that Syndicate Labs disclosed a security incident: an attacker compromised the system via a private key leak and maliciously upgraded cross-chain bridge contracts on two chains, leading to the transfer of approximately 18.5 million SYND tokens and about $50,000 in user assets. The attack originated from a compromised development endpoint, where the attacker used production environment permissions to upgrade the bridge contracts to a malicious version. Other chains were not affected. The losses are as follows:

Commons Bridge: Approximately 18.5 million SYND were transferred and sold, valued at around $330,000.

Another Appchain: Approximately $50,000 in user assets were transferred.

Syndicate Labs stated that affected SYND holders will receive full compensation, plus additional overpayment, resulting in overall holdings higher than pre-incident levels. Users affected on the Appchain will also be fully reimbursed for their losses.