NewsNewsDetails
Alephium cross-chain bridge attacked, losing $815,000 in 7 minutes.
AMBCrypto
06-01 09:23
Ai Focus
The TokenBridge between Alephium and Ethereum was attacked, and approximately $815,000 worth of assets were transferred out within 7 minutes.
Helpful
No.Help

TokenBridge, which connects Ethereum and Alephium, was attacked on May 30. Blockchain security firm Blockaid stated that the attackers gained control of three of the four guardian keys and used them to forge cross-chain approval messages, transferring approximately $815,000 in assets within about seven minutes.

The attack point is in the Guardian's signature.

The Alephium TokenBridge connects Ethereum and the Alephium chain. When a user transfers ALPH from Alephium to Ethereum, the native asset is locked on one side first, and then the corresponding wrapped asset, wALPH, is minted on the Ethereum side.

This process relies on guardian signatures to confirm the validity of cross-chain messages. According to the bridge's design, at least three of the four guardians must sign for a transfer message to be approved. Blockaid claims that the attacker obtained the private keys of three of the guardians, thus enabling them to forge seemingly valid VAAs, i.e., cross-chain approval messages.

Release of multiple assets after fabricating information

After gaining signing capabilities, the attackers not only forged wALPH's minting process but also caused the bridge to erroneously execute asset releases. The bridge identified these forged messages as valid withdrawals, thus unlocking various assets originally held in custody.

  • USDT
  • USDC
  • WBTC
  • WETH

Blockaid also stated that the attackers minted an additional 13.76 million wALPH without actually depositing any ALPH. This number exceeds the total supply of previously circulating sealed assets, meaning these assets are not backed by any real collateral.

Similar to previous cross-chain bridge attacks

This incident bears similarities to the earlier Wormhole cross-chain bridge attack. Both involved forging cross-chain messages and generating assets without sufficient collateral backing.

The report also mentioned that the cross-chain bridge between Verus and Ethereum was recently attacked, resulting in a loss of approximately $11.58 million. These consecutive cross-chain bridge incidents once again expose that multi-signature verification and key management remain the main risks for bridge protocols.

Tip
$0
Like
0
Save
0
Views 436
CoinMeta reminds readers to view blockchain rationally, stay aware of risks, and beware of virtual token issuance and speculation. All content on this site represents market information or related viewpoints only and does not constitute any form of investment advice. If you find sensitive content, please click“Report”,and we will handle it promptly。
Submit
Comment 0
Hot
Latest
No comments yet. Be the first!
Related
RLUSD integrates with Wormhole's native cross-chain transfer functionality.
RLUSD achieves native multi-chain transfers through Wormhole NTT, and the market is paying attention to its impact on the circulation of cross-chain stablecoins and the activity of the Wormhole ecosystem.
CoinPedia
·2026-06-04 23:58:00
117
Virtuals migrates over $700 million worth of cross-chain infrastructure to Chainlink
Virtuals has migrated its $700 million VIRTUAL cross-chain infrastructure from LayerZero to Chainlink CCIP. Several other protocols have made similar adjustments following the KelpDAO incident.
AMBCrypto
·2026-06-04 23:28:55
504
LayerZero advances its institutional financial footprint, reigniting controversy over cross-chain security.
LayerZero announced its institutional financial expansion plan and launched a new chain, "Zero"; L2BEAT, on the other hand, questioned whether the migration of cross-chain infrastructure would necessarily bring significant security improvements.
AMBCrypto
·2026-06-04 01:27:40
675
Aave adjusts listing standards and tightens cross-chain risk review following the rsETH incident.
Aave stated that the rsETH attack stemmed from a failure in the LayerZero cross-chain bridge verification used by KelpDAO, rather than a vulnerability in the protocol's own contract. Aave will review all V3 assets and incorporate cross-chain bridge, oracle, and custody risks into its listing review process.
CoinDesk
·2026-06-01 13:13:28
567
Gravity Bridge was attacked, resulting in approximately $5.4 million in losses.
Gravity Bridge was attacked, with approximately $5.4 million in assets stolen. The attackers still control approximately 2,102 ETH.
Coinpedia
·2026-05-30 17:11:02
871
Latest from Author
Refresh
arrow
Bitcoin fell to around $61,000, prompting a whale to close its short position of 1,400 BTC.
Bitcoin fell to around $61,000, prompting a whale to close its short position of 1,400 BTC.
14m ago   363peopleViews
Foreign media: JST's short-term trend weakens after a surge and subsequent pullback.
Foreign media: JST's short-term trend weakens after a surge and subsequent pullback.
1h ago   716peopleViews
FG Nexus's Ethereum holdings have a paper loss of over $85 million.
FG Nexus's Ethereum holdings have a paper loss of over $85 million.
2h ago   725peopleViews
Recommended