Back

Shibarium Exploit Thwarted as Attackers Target $1 Million in BONE Tokens

13 September 2025 11:31 UTC
Trusted
  • Shibarium’s bridge was targeted in a sophisticated exploit that attempted to move $1 million in BONE tokens through a flash loan scheme.
  • Blockchain records show the attacker drained ETH and SHIB, though much of the stolen stake was frozen before withdrawal.
  • In response, Shiba Inu developers suspended staking and secured funds in multisig wallets while working on new validator keys.
Promo

The Shiba Inu ecosystem faces scrutiny after an exploit on Shibarium’s bridge attempted to siphon off more than $1 million worth of BONE tokens.

On-chain data showed an effort to move about 4.6 million BONE, immediately drawing a response from the project’s developers.

Sponsored
Sponsored

Shiba Inu Bridge Exploit Coincides With Major ShibaSwap Upgrade

On September 13, Kaal Dhairya, a Shiba Inu developer, explained that the exploit was not a flaw in the underlying protocol. Instead, the attacker had gained control of validator keys, which allowed them to approve a fraudulent network state.

The maneuver was enabled by a flash loan, suggesting months of preparation and a deep understanding of the bridge’s design.

Independent investigators within the community pieced together how the operation unfolded.

According to Buzz, a contributor to K9 FinanceDAO, the exploiter used a flash loan on ShibaSwap to purchase millions of BONE and temporarily gain validator influence.

With that stake, they pushed through the malicious transaction and simultaneously repaid the loan using funds siphoned from the bridge.

Sponsored
Sponsored

In total, blockchain records show 224.57 ETH and 92.6 billion SHIB tokens were siphoned.

Meanwhile, roughly 216 ETH went back into settling the loan, while the delegated BONE stayed trapped by unstaking delays. Developers froze those tokens before they could be withdrawn.

The attacker also attempted to sell about $700,000 worth of KNINE tokens. That effort was stopped when K9 DAO’s multisig moved to blacklist the wallet involved.

Shiba Inu developers have suspended staking operations to contain the impact of the exploit. They also moved stake manager funds into a hardware wallet secured with a six-of-nine multisig.

Dhairya described these measures as temporary until new keys are securely distributed and the full scope of the incident is confirmed.

The breach coincided with the rollout of a major ShibaSwap update. The new version extends beyond Ethereum to Polygon, Arbitrum, Base, and other networks, enabling direct token swaps without external bridges.

Lucie, a Shiba Inu ecosystem lead, said the upgrade strengthens ShibaSwap’s role as a multi-chain platform designed to attract liquidity while preparing the ground for deeper Shibarium integration.

“This upgrade positions ShibaSwap to attract liquidity from major blockchains while paving the way for Shibarium integration. It reinforces the Shib Ecosystem as a network that connects community culture with serious financial infrastructure,” Lucie stated.

Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.