Axelar Responds to Security Incident: Axelar and IBC Unaffected, Vulnerability Stemmed from "Infinite Mint" Issue in Third-Party Token Contract

Odaily reports, Cross-chain protocol Axelar Network issued a statement regarding the recent security incident related to Secret Network, clarifying that there is a misunderstanding within the community. Neither Axelar nor the Inter-Blockchain Communication Protocol (IBC) was attacked or compromised. The affected token smart contract was not developed, deployed, or maintained by Axelar, and Axelar's firewall mechanism prevented the impact from spreading to other chains.

It is reported that the exploited contract was a forked version based on the CW20-ICS20 implementation, but the developers removed two core security checks, leading to an "infinite mint" vulnerability. Due to the removal of verification mechanisms originally designed to prevent such issues, this fork altered the original trust model of the contract and had not undergone new security audits.

Axelar Network explained that anyone can deploy contracts via IBC for wrapping cross-chain assets, and similar contracts are also used to wrap tokens from other chains onto Secret Network. However, the Secret-side fork version involved in this incident contained vulnerabilities due to the deletion of critical security checks. This incident was not a specific logic flaw nor a problem with the IBC protocol itself, but rather a security risk introduced by modifications to a third-party contract.