Shiba Inu’s layer-2 network, Shibarium, experienced a significant security breach that has raised concerns among its community and stakeholders. In a coordinated exploit, an attacker used a flash loan to take control of a validator, then drained assets from its bridge, leading to a temporary suspension of staking operations.
According to Kaal Dhariya, a developer associated with Shibarium, the attacker acquired 4.6 million BONE tokens, the governance token for the network, through a flash loan. With the substantial amount of BONE acquired, the attacker managed to access the validator signing keys, thereby achieving majority validator power. This power enabled the attacker to sign a fraudulent network state and siphon assets from the Shibarium bridge, which serves as a link between Shibarium and the Ethereum network.
Because the BONE is staked and subject to an unstaking delay, the stolen funds remain locked. This gives developers a limited window to respond and potentially freeze the assets. In light of this incident, the Shibarium team has paused all staking and unstaking functionality and has moved the remaining funds into a hardware wallet secured by a 6-of-9 multisig setup. An internal investigation into the breach has also been initiated.
The investigation is still in its early stages, and it remains uncertain whether the exploit was due to a compromised server or a developer machine. While the total losses have not been officially reported, transaction data indicates that the damages could be close to $3 million.
In response to the incident, the development team is collaborating with security firms Hexens, Seal 911, and PeckShield. They have also engaged law enforcement agencies regarding the breach. Notably, Dhariya mentioned that the team is open to negotiating with the attacker, expressing a willingness to avoid legal action if the funds are returned, along with the consideration of a small bounty as an incentive for the return.
In the aftermath of the exploit, the price of BONE surged sharply, initially doubling in value before a correction left it with a gain of around 40%. SHIB, another token associated with the Shiba Inu ecosystem, rose more than 8%. The incident underscores the vulnerabilities within decentralized finance platforms and highlights ongoing security concerns in this rapidly evolving domain.