An exploit involving the Secret Network has resulted in a theft of approximately $4.67 million due to an "infinite mint" vulnerability in a smart contract. The incident, which took place on June 10, 2026, was revealed a week later when a transaction failure triggered alerts about insufficient funds in the compromised account, according to blockchain research firm Common Prefix.
The attacker manipulated the exploit to create unbacked wrapped versions of Axelar-wrapped assets, specifically saTokens, which included saUSDT, saUSDC, and saDAI, among others. This was possible because the smart contract failed to verify the source of incoming transfers before minting new tokens. Following the exploit, the attacker transferred the funds to the Ethereum blockchain and distributed them across around 30 wallets, eventually converting them to Ether (ETH) and moving them to various exchanges, such as KuCoin and ChangeNow.
This incident marks one of the most significant attacks in a month that has seen at least 22 exploits in the cryptocurrency sector. The Secret Network, a privacy-oriented blockchain within the Cosmos ecosystem, has advised users holding Axelar-bridged tokens that their assets may be compromised.