Axelar and Secret Network confirm a 4.67 million bridge exploit

Axelar (@axelar), a decentralized interoperability network, has disclosed a security incident involving approximately $4.67 million worth of tokens bridged via IBC to Secret Network (@SecretNetwork), targeting assets transferred from the Axelar chain.

The vulnerability was isolated to the Secret-side ICS-20 smart contract within the Cosmos IBC connection between the two chains, a contract responsible for handling assets bridged from Axelar to Secret. Because Secret Network is a privacy-focused blockchain, transaction details and balances are encrypted, making the exploit transaction invisible on-chain.

Connections Disabled, Exchanges and Law Enforcement Contacted

The Axelar emergency committee acted upon discovery of the incident, immediately disabling both the Secret and Secret-SNIP connections to prevent further unauthorized transfers. The team is now actively coordinating with relevant exchanges and law enforcement agencies to track the stolen funds and support recovery efforts.

Axelar emphasized that the incident is isolated to assets on Secret that were bridged over IBC from Axelar, and confirmed its broader infrastructure remains secure and operational.

Damage Contained, Post-Mortem Pending

The issue did not affect Axelar's core protocol, other IBC connections, or native Secret tokens. Both teams say a full post-mortem is forthcoming.

The incident follows a pattern of cross-chain bridge vulnerabilities seen across the industry in 2026. As one analyst noted, the hard part of bridge security is not the messaging layer, but ensuring nothing happens until authenticity is fully proven. Custom receiver contracts, which handle inbound cross-chain messages on behalf of protocols, continue to represent the highest-risk surface in DeFi when validation logic is insufficiently hardened.

Sources:The Crypto Times: $4.67M Exploit Hits Axelar-Secret Network Bridge, Links DisabledDecrypt: CrossCurve Threatens Legal Action After $3M Cross-Chain Bridge Exploit