What Is an Infinite Mint Exploit? Lessons From the $4.67 Million Secret Network Hack
Estimated Reading Time: 4 minutes
Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment and you are unlikely to be protected if something goes wrong. Take 2 minutes to learn more
- Hacker exploits bridge flaw, drains $4.67M in crypto.
- Infinite-mint bug allowed creation of unbacked tokens.
- Secret–Axelar bridge suspended pending investigation.
Cross-chain bridges are supposed to move crypto assets safely between blockchains. But when a bridge’s security fails, attackers can create assets out of thin air. That’s exactly what happened in the recent Secret Network–Axelar exploit, where a hacker drained roughly $4.67 million worth of crypto through an “infinite mint” vulnerability.
What Happened?
The attack targeted a bridge connecting Secret Network and Axelar.
A bridge normally allows users to move assets from one blockchain to another by locking the original asset and issuing a wrapped version on the destination chain.
For example:
- Real USDT gets locked.
- Wrapped USDT (saUSDT) gets created.
- Users can later redeem the wrapped token for the real one.
The problem was that the bridge contained a flaw that allowed someone to create wrapped tokens without locking any real assets.
Understanding the “Infinite Mint” Exploit
An infinite mint exploit occurs when a bug allows attackers to create unlimited tokens.
In this case, the attacker discovered that the bridge contract failed to properly verify where transfer messages were coming from.
Because of this oversight, the hacker was able to trick the bridge into believing fake transactions were legitimate.
The result was the creation of unbacked tokens, including:
- saUSDT
- saUSDC
- saDAI
- saWETH
- saWBTC
- saWBNB
- sawstETH
These tokens had no real collateral backing them.
How the Hacker Stole Real Money
The attacker didn’t stop at creating fake tokens.
After minting the counterfeit assets, he used the legitimate Axelar bridge route to redeem them for real cryptocurrencies held in escrow.
In simple terms:
- Fake wrapped tokens were created.
- The bridge treated them as genuine.
- The attacker exchanged them for real crypto.
- About $4.67 million was drained from the system.
Why Nobody Noticed for Seven Days
One of the most surprising aspects of the incident is that the attack began on June 10 but wasn’t discovered until June 17.
This delay was largely attributed to Secret Network’s privacy-focused design, which encrypts transaction details by default.
The exploit only came to light after a transfer unexpectedly failed, prompting an investigation.
Emergency Response
Once the breach was identified, Axelar moved quickly.
Its emergency committee disabled connections between Axelar and Secret Network, effectively shutting down the bridge to prevent further losses.
Both teams are now:
- Investigating the exploit.
- Coordinating with exchanges.
- Working with law enforcement.
- Assessing potential recovery options.
What Investors Should Watch Next
Three developments are especially important:
1. The Full Post-Mortem
Both teams are expected to release more detailed explanations of exactly how the exploit occurred.
2. Compensation Plans
Affected holders of the compromised saTokens will want clarity on whether losses will be reimbursed.
3. Security Upgrades
Before the bridge reopens, investors should expect additional audits, stronger verification checks, and new safeguards designed to prevent similar attacks.
Key Takeaway
The Secret Network–Axelar exploit highlights one of crypto’s biggest security risks: cross-chain bridges. A simple verification flaw allowed an attacker to mint fake assets and exchange them for real funds, resulting in a $4.67 million loss. The incident serves as another reminder that even established blockchain infrastructure can become vulnerable when critical security checks fail.
