$815K gone in 7 minutes – Inside Ethereum’s Alephium TokenBridge exploit

2 hours ago

0 0 1 minute read

5 months into 2026, and the assaults proceed. Blockaid, a blockchain safety firm, found a brand new exploit focusing on Ethereum’s Alephium TokenBridge on the thirtieth of Could.

Based on the investigation, three out of 4 compromised guardian keys that signed cast VAAs (Verified Motion Approvals) had been used to empty $815,000 in seven minutes.

How had been guardian keys compromised?

For context, the Alephium TokenBridge is a bridge that hyperlinks Ethereum and the Alephium blockchain.

When customers change from Alephium to Ethereum [ETH], the actual ALPH is locked on a single chain. Transferring forward, Ethereum is used to mint a wrapped model (wALPH).

Earlier than permitting the mint to proceed, three guardians of the bridge verify that the lock was certainly made. Moreover, to confirm cross-chain transfers, the system makes use of guardian signatures.

For a switch message to be accepted by the bridge, three of the 4 guardians need to signal it. Nonetheless, within the Alephium TokenBridge assault, the three guardian personal keys had been by some means obtained by the attackers.

After acquiring these keys, they fabricated phony bridge messages generally known as VAAs and made them appear genuine.

The ‘minting’ twist

Along with minting ALPH, the solid VAAs gave the bridge directions to launch belongings that had been already arrested.

On account of the attackers’ convincing the bridge that there had been legitimate withdrawals, Tether [USDT], USD Coin [USDC], Wrapped Bitcoin (WBTC), and Wrapped Ether (WETH) had been unlocked.

With out making an actual ALPH deposit, the attackers made 13.76 million wrapped ALPH. Based on Blockaid, this was greater than 100% of the beforehand obtainable wrapped provide.

In different phrases, the attacker basically produced an unlimited amount of ALPH-backed belongings out of skinny air.

Related assaults prior to now

This resembles the Wormhole Bridge Exploit, by which attackers created belongings that had been by no means backed by collateral and cast bridge messages.

Moreover, this adopted a current assault on the Verus-Ethereum bridge, which depleted roughly $11.58 million.

Ultimate Abstract

On this assault, three out of 4 compromised guardian keys resulted within the drain of $815,000 in simply seven minutes.
The attackers minted 13.76 million wrapped ALPH with out really depositing any ALPH.

Source link

$815K gone in 7 minutes – Inside Ethereum’s Alephium TokenBridge exploit

How had been guardian keys compromised?

The ‘minting’ twist

Related assaults prior to now

Ultimate Abstract

Leave a Reply Cancel reply

MetaMask and Blockaid partner to develop “privacy-preserving module” to enhance web3 security

peaq Connects with Over 30 Web3 Ecosystems: Unlocks Billions in Liquidity

Runestone NFT Floor Price Crashes to 0.03 BTC After Meme Coin Airdrop

Four Major Web3 Gaming Projects Shutdown in One Week

Fast-Paced Battles Coming to Big Time PvP Mode

How had been guardian keys compromised?

The ‘minting’ twist

Related assaults prior to now

Ultimate Abstract

ASTER hits a 2-month high - Are whales betting on a move to $0.90?

Sui Network Hits Third Transaction Halt in 48-Hour Outage Wave

Leave a Reply Cancel reply

Related Articles

Bitmine adds 25K ETH – Institutional confidence in Ethereum remains strong

Is Ethereum’s volatility shock coming? What to expect as sell pressure deepens

Ethereum Price Falls, But Whales Push Holdings To 10-Week High

Ethereum whales hit 10-week accumulation high: Will ETH finally break out?