The Axelar Network release note states that neither the Axelar Network nor the IBC protocol was compromised. The affected token smart contracts were not developed, deployed, or maintained by Axelar Network. The exploited contract was a forked version of CW20-ICS20, in which developers removed two critical security checks, resulting in an "infinite minting" vulnerability. This fork altered the original trust model of the contract and was not subjected to a security audit. Axelar Network emphasizes that this incident was not due to a specific logical flaw or an issue with the IBC protocol, but rather a security risk introduced by third-party modifications to the contract.
Axelar Network Responds to Security Incident, Vulnerability Traced to Third-Party Token Contract
AiCoinShare
Summary
Axelar Network addressed a recent security incident, clarifying that its network and IBC protocol were not compromised. The vulnerability arose from a third-party token contract, a modified fork of CW20-ICS20, in which developers removed two critical security checks, enabling infinite minting. Axelar emphasized that the issue originated from the altered contract, not from any network upgrade or IBC logic. The modified contract was not audited and deviated from the original trust model.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.