Syscoin Releases Bridge Security Incident Report: Tokens Destroyed After Recovery, Cross-Layer Parsing Flaw to Be Fixed

Odaily reported that Syscoin has released a security incident report detailing the UTXO-to-NEVM bridge vulnerability. The incident led to the unauthorized release of approximately 5 billion SYS tokens on the UTXO side. The relevant funds were subsequently returned to the official recovery address and destroyed via the standard OP_RETURN method, rendering them unusable by the protocol again. The on-chain reported SYS supply has returned to expected levels. Bridge functionality is currently suspended as the team completes its final review and fixes.

Syscoin noted that it will fix the cross-layer parsing flaw, with the core lesson being that cross-layer systems must uniformly normalize data, and any ambiguous bridge proof should default to failure.