The Shibarium bridge, which connects the Layer 2 network by the same name to Ethereum, was targeted by a flash loan attack on Friday, which drained $2.4 million in ETH and SHIB and led Shiba Inu developers to restrict certain activities on the network.
The attacker borrowed 4.6 million BONE tokens, the governance token of Shibarium, using a flash loan and seemingly gained access to 10 of 12 validator signing keys that secure the network, giving themself a two-thirds majority stake. The attacker then used their privileged position to drain approximately 224.57 ETH and 92.6 billion SHIB from the Shibarium bridge contract, transferring those funds out to their own address. The funds are worth about $2.4 million at current prices.
In response to the attack, Shiba Inu developers paused staking and unstaking functions on the network, effectively freezing the borrowed BONE tokens, which were already subject to an unstaking delay, and locking the attacker out of their majority control. The attacker also ended up with a large quantity of K9 (KNINE) tokens (associated with K9 Finance) worth roughly $700,000. When the attacker attempted to sell off the KNINE, the K9 Finance DAO intervened by blacklisting the exploiter’s address, rendering those tokens unsellable.
Kaal Dhairya, a top developer in the memecoin's ecosystem, called the flash loan attack "sophisticated" and speculated it was "probably planned for months," in a post on X. Dhairya added that law enforcement has been contacted, but the Shiba Inu developers are open to paying a bounty to the attacker if they return the funds. The Shiba Inu developers also brought in Hexens, Seal 911, and PeckShield to investigate the incident.
The price of BONE surged following the attack, rising from about $0.165 on Friday at 17:00 UTC to $0.294 one hour later, according to The Block's Bone ShibaSwap Price page. The token's price then dipped, and currently trades around $0.202. The price of SHIB is up 4.5% in the past 24 hours, according to The Block's Shiba Inu Price page.
