Syndicate Labs Faces Private Key Leak Attack, Cross-Chain Bridge Maliciously Upgraded Resulting in Transfer of Approximately 18.5 Million SYND

On May 1, Syndicate Labs disclosed that it experienced a security incident: attackers infiltrated the system through a private key leak and maliciously upgraded the cross-chain bridge contract on two chains, resulting in the transfer of approximately 18.5 million SYND and about $50,000 in user assets. The attack originated from an intrusion on the development endpoint, where the attackers exploited production environment permissions to upgrade the bridging contract to a malicious version. However, other chains were not affected. The losses include: Commons bridge: approximately 18.5 million SYND was transferred and sold, equivalent to about $330,000; another Appchain: approximately $50,000 in user assets was transferred. Syndicate Labs stated that affected SYND holders will receive full compensation, along with additional excess payments, ensuring that overall holdings will be higher than before the incident; users affected on the Appchain will also be compensated in full for their losses.