Shibarium Blocks Sophisticated Flash Loan Attack Targeting Millions in BONE Tokens

Shibarium froze 4.6M BONE after an attacker exploited validator keys but failed to withdraw due to delegation locks.

Emergency safeguards paused stake functions and moved funds to a hardware wallet under multisig for security verification.

Investigations involve Hexens, Seal 911, PeckShield, and authorities, with negotiations open if stolen funds are returned.

Shibarium faced a major security challenge after a flash loan attack attempted to steal millions of BONE tokens. The incident, disclosed by lead developer Kaal Dhairya, involved the attacker gaining access to validator signing keys and trying to drain 4.6 million BONE from the bridge

However, the effort failed because the tokens were delegated and locked under Validator 1, leaving the attacker unable to withdraw the assets. This lock allowed the development team to act quickly and secure the ecosystem.

Details of the Failed Breach

According to Dhairya, the attacker used a flash loan to acquire the large BONE holdings before exploiting validator controls. With majority validator power obtained, the attacker signed a malicious state to initiate asset withdrawal

Notably, the design of the delegation process delayed unstaking, creating an opportunity for the team to freeze the targeted tokens. The breach, described as highly sophisticated, may have been planned for months in advance

Dhairya emphasized that the security measures in place prevented significant losses. He confirmed that immediate actions were taken to secure validator control and protect remaining community funds.

Emergency Safeguards Introduced

In response to the incident, the team paused stake and unstake functions as a precautionary measure. Stake manager funds were transferred from the proxy contract into a hardware wallet overseen by a trusted 6/9 multisig. This move, although temporary, ensured that validator key risks were contained.

Furthermore, Dhairya confirmed that these funds will only return once secure key transfers are complete and validator control is fully verified. He stressed that the safety of community assets remains the top priority throughout the ongoing investigation.

Investigation and Next Steps

The source of the compromise is not yet confirmed, with possibilities ranging from a breached server to a compromised developer machine. Security partners including Hexens, Seal 911, and PeckShield are actively working with the team to uncover the origin.

Authorities have been contacted, and formal investigations are underway. However, Dhairya stated that negotiations remain possible. If the attacker returns the funds, no legal charges will be pressed, and a small bounty may be considered.

For now, the compromised funds remain frozen, and further transparent updates are expected as the investigation progresses.

The post Shibarium Blocks Sophisticated Flash Loan Attack Targeting Millions in BONE Tokens appears on Crypto Front News. Visit our website to read more interesting articles about cryptocurrency, blockchain technology, and digital assets.