Syndicate Labs experiences a private key leak attack, and the cross-chain bridge was maliciously upgraded, resulting in approximately 18.5 million SYND being transferred.

Golden Finance reports that on May 1st, Syndicate Labs disclosed a security incident: attackers infiltrated the system through a private key leak and maliciously upgraded cross-chain bridge contracts on two chains, resulting in approximately 18.5 million SYND tokens and about $50k worth of user assets being transferred. The attack originated from an intrusion into the development endpoint, where the attacker used production environment permissions to upgrade the bridge contract to a malicious version. However, other chains were unaffected. The losses include: Commons Bridge: approximately 18.5 million SYND transferred and sold, equivalent to about $330k; another Appchain: approximately $50k worth of user assets transferred.
Syndicate Labs stated that affected SYND holders will receive full compensation and an additional excess payout, with overall holdings exceeding pre-incident levels; affected users on the Appchain will also be fully compensated for their losses.