Shibarium Bridge was hit by a flash loan attack, resulting in approximately $2.4 million worth of ETH and SHIB being stolen; the platform has released an update on the incident and implemented emergency measures to limit unauthorized transactions and protect assets.
Shibarium limited some bridging activities, tightened staking mechanisms, rotated authentication keys, and transferred contract control to a multi-party hardware custody solution, while increasing monitoring and hiring security experts to respond.
- Shibarium Bridge was hit by a flash loan attack, with losses of about 2.4 million USD (ETH and SHIB).
- Restrict trading, tighten staking rights, restore and protect at-risk BONE.
- Rotate signers, move to multi-party hardware custody, real-time monitoring, and hire security experts.
Incident Summary
The bridge between Shibarium (Layer 2) and Ethereum was exploited using a flash loan technique, causing a loss of about 2.4 million USD in ETH and SHIB.
The incident occurred due to a vulnerability in the transaction/staking process on the bridge; this allowed an attacker to execute a chain of transactions within a block to withdraw assets before the system stabilized.
Shibarium Emergency Measures
Shibarium has restricted some bridge operations to prevent unauthorized transactions, updated the deposit/withdrawal/claim/reward mechanism, and added defense mechanisms to limit abuse of delegated staking.
Additionally, the platform is intervening to recover and protect BONE held by staking managers, while limiting attackers' short-term staking using protocol mechanisms and governance intervention.
Key management and security infrastructure
Shibarium is rotating validator signers and transferring contract control to multi-party hardware custody, while continuing to migrate away from legacy keys.
The goal is to reduce the risk of private keys being exposed, increase the security of contract control, and improve resilience in the event of similar incidents in the future.
Monitoring and incident response
Real-time monitoring systems have been activated to track attacker-related traffic, with automated alerts and reporting to partners and exchanges.
Shibarium also employs independent security researchers and incident response teams to conduct detailed investigations, assess damage, and assist in restoring the ecosystem to safety.
What should users do?
Check account-related transactions, suspend interactions with the bridge until a safety notice is issued, and monitor official channels for asset recovery instructions.
Can the funds/tokens be withdrawn?
Recovery depends on transaction traceability and cooperation with the exchange; Shibarium is working to intervene and recover BONE to the extent possible through governance mechanisms.
Does the issue affect the entire Shibarium network?
Shibarium has limited specific bridge functions; the impact on the main network depends on the outcome of the investigation and patching, but the platform has taken many steps to reduce the risk of spread.
What will Shibarium do to prevent recurrence?
Change keys, move to multi-party hardware custody, update transaction processing logic, and hire security experts to audit and harden prioritized weaknesses.