Shiba Inu’s Layer 2 network, Shibarium, came under fire on Friday after a coordinated flash loan attack exploited its bridge to Ethereum, draining nearly $3 million in tokens and triggering an emergency developer 0 Takeaways: Shibarium’s bridge was exploited in a flash loan attack, draining nearly $3 million in ETH, SHIB, and KNINE 1 attacker gained two-thirds validator control by flash-loaning 4.6M BONE, enabling them to finalize fraudulent 2 paused staking and brought in security firms, while hinting at a potential bounty offer if the funds are 3 to Shiba Inu developer Kaal Dhairya , the attacker used a flash loan to borrow 4.6 million BONE, the governance token of Shibarium, and managed to gain access to 10 out of 12 validator signing 4 control gave them the two-thirds consensus required to finalize fraudulent checkpoints on the network’s consensus layer, 5 Attacker Drains $2.4M in ETH and SHIB With majority control in place, the attacker proceeded to drain around 224.57 ETH and 92.6 billion SHIB tokens from the Shibarium bridge contract, collectively worth approximately $2.4 million at the time.
A further $700,000 in KNINE tokens tied to K9 Finance were also impacted. However, K9 Finance’s DAO moved swiftly to blacklist the attacker’s address, rendering the KNINE tokens 6 response to the breach, Shibarium developers halted staking and unstaking across the 7 the attacker’s borrowed BONE tokens remain subject to an unstaking delay, developers were able to freeze the position before full exit, effectively locking the attacker out of validator control for the time 8 described the exploit as “sophisticated” and suggested it was likely “planned for months.” Shibarium Bridge Security Update Earlier today, a sophisticated ( probably planned for months ) attack was carried out using a flash loan to purchase 4.6M 9 attacker gained access to validator signing keys, achieved majority validator power, and signed a malicious… — Kaal (@kaaldhairya) September 13, 2025 He confirmed that law enforcement has been contacted and that security firms Hexens, Seal 911, and PeckShield are now involved in the 10 also left the door open to negotiations, stating that if the attacker returns the funds, a bounty might be considered in lieu of legal 11 researcher Zilayo on X provided a technical breakdown of the incident, pointing to suspicious validator behavior tied to Ryoshi 12 fraudulent checkpoint was signed by 10 validators who controlled around 40% of the 13 the attacker delegated the flash-loaned BONE to Ryoshi’s validator, the weighted stake surpassed 66%, enabling a full consensus 14 was attacked yesterday & the bridge drained for nearly $3m.
Here's how it happened 1/ Ryoshi Labs' validator (and perhaps others) were compromised or malicious from the 15 proposed a fraudulent checkpoint on Heimdall (Shibarium's consensus engine). 2/… 16 — Zilayo (@0xZilayo) September 13, 2025 The price of BONE spiked in the immediate aftermath of the attack, briefly rising from $0.165 to $0.294 before settling back around $0.202. SHIB, meanwhile, is up 4.5% in the past 24 hours, driven in part by renewed attention following the 17 Hacks, Thefts Cost Investors $2.2B in H1 2025: CertiK Crypto investors lost over $2.2 billion to hacks , scams, and breaches in the first half of 2025, driven largely by wallet compromises and phishing attacks, according to CertiK’s latest security 18 breaches alone caused $1.7 billion in losses across just 34 incidents, while phishing scams accounted for over $410 million across 132 19 major incidents, including Bybit’s $1.5 billion hack in February and Cetus Protocol’s $225 million exploit in May, skewed the year’s losses upward, together accounting for nearly $1.78 20 these, losses align more closely with previous years at around $690 21 remained the primary target, suffering over $1.6 billion in losses across 175 events.
Story Tags
Latest news and analysis from cryptonews
