Axelar Response to Security Incident: Axelar and IBC Unaffected; Vulnerability Stemmed from "Infinite Mint" Issue in Third-Party Token Contract
Odaily reported that cross-chain protocol Axelar Network has issued a statement regarding the recent security incident related to Secret Network. According to the statement, the community has misconceptions about the incident: neither Axelar nor the Inter-Blockchain Communication Protocol (IBC) was attacked or compromised, and the affected token smart contract was not developed, deployed, or maintained by Axelar. Furthermore, Axelar's firewall mechanism prevented the impact from spreading to other chains.
It is understood that the exploited contract was a fork of the CW20-ICS20 implementation from which the developers had removed two core security checks, leading to an "infinite mint" vulnerability. By deleting the verification mechanism originally designed to prevent such issues, the fork altered the contract's original trust model, and it did so without undergoing a new security audit.
Axelar Network explained that anyone can deploy contracts via IBC for wrapping cross-chain assets, and that similar contracts are also used to wrap tokens from other chains onto Secret Network. The forked version on the Secret side in this incident, however, was vulnerable because critical security checks had been removed. The incident was neither a specific logic flaw nor a problem with the IBC protocol itself, but rather a security risk introduced by modifications to a third-party contract.
