Axelar responds to security incident: Axelar and IBC were not affected; the vulnerability stems from an "infinite mint" issue in a third-party token contract


Odaily Planet Daily reports that the cross-chain protocol Axelar Network has issued a statement on the recent security incident involving Secret Network, saying that the community has misunderstood the event. Neither Axelar nor the Inter-Blockchain Communication Protocol (IBC) was attacked or compromised, and the affected token smart contracts were not developed, deployed, or maintained by Axelar. Axelar's firewall mechanism also prevented the impact from spreading further to other chains.

Reportedly, the exploited contract is a fork of the CW20-ICS20 implementation from which the developers removed two core security checks, resulting in an "infinite mint" vulnerability. By deleting the validation that originally guarded against this class of problem, the fork changed the contract's original trust model, and it did not undergo a new security audit.

Axelar Network explains that anyone can deploy contracts for cross-chain asset wrapping via IBC, and that contracts of the same kind are used to wrap tokens from other chains into Secret Network. The Secret-side fork involved in this incident, however, was vulnerable because critical security checks had been removed. The incident was not a logic flaw inherent to the protocol, nor a problem with the IBC protocol itself, but a security risk introduced by a third party's modifications to the contract.
