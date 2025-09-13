PeckShield flags $2.8M Shibarium exploit

By: Cryptopolitan
2025/09/13 15:54

Blockchain security firm PeckShield found suspicious activity on Shibarium late Friday. Security sleuths found leaked validator keys on Shibaswap that led to an estimated $2.8 million loss through Shib token withdrawals.

The Shiba Inu team posted on X at around 9:00 PM UTC, saying it “was aware of the activity flagged by PeckShield,” and had contacted both internal developers and external security partners to investigate the exploit.

“At this time, we are working to confirm the root cause and ensure all possible mitigations are in place. A comprehensive report with findings and next steps will be published once the investigation concludes,” the Shiba Inu team wrote.

10 of 12 SHIB validator approved malicious transactions

Web2 and web3 auditor Tikkala Security has confirmed that an attacker hacked Shiba Inu’s token system by submitting valid Merkle leaf exit requests signed by multiple validators. The attacker’s wallet address withdrew funds in several instances by bypassing protections meant to safeguard the root chain manager.

According to Etherscan data, the address now holds over $700,000 worth of ERC-20 tokens.

“The hack appears to involve 10 out of 12 Shibarium validator signing keys being compromised, which allowed a malicious root state to be approved,” Tikkala explained, providing images of the events. Only validators operated by K9 Finance and UnificationUND have been confirmed to have stepped away from signing the malicious transaction.

The attack originated from a compromised checkpoint, where a seemingly legitimate Merkle root was inserted. Blockchain data from Etherscan shows that once the malicious root was added, the attacker drained another $1 million through a subsequent large transaction. 

Investigators also uncovered that the attacker used a flash loan from Shibaswap to borrow 4.6 million BONE tokens. Initially celebrated by some as a large $1 million BONE purchase, it was instead part of the exploit. After temporarily acquiring the tokens, the attacker gained majority voting power over Shibarium’s validators, enabling them to approve a malicious state on the network.

In the same transaction, the attacker repaid the flash loan by liquidating assets taken from the bridge. They sold Shiba Inu tokens and Ether obtained during the exploit to cover the borrowed funds, and drained 224.57 Ether and approximately 92.6 billion Shiba Inu tokens. Of this amount, 216 Ether was used to settle the flash loan, leaving the remainder as profit.

The Shibaswap rootchain manager contract, which verifies withdrawals against stored root Merkle hashes, gives the attacker leeway to manipulate withdrawal requests indefinitely, and losses could continue if the Shibarium team does not act soon.

All issues pointed towards governance

Naysayers on X are arguing that Shiba Inu has “fake decentralization,” because other protocols have faced the same validator dominance issues without losing funds.

“Qom devs saw this issue in QL1 as well. Someone tried to sabotage the network by controlling 60% of validators. But QL1’s developers quickly removed the bad actor. Shiba Inu developers and Shibarium failed to do the same,” a critic surmised.

Despite the security breach, Shiba Inu’s token was trading at $0.00001416 at the time of this publication, up 0.50% over the past hour and 5.25% over the past 24 hours.

The token’s market capitalization saw a 5.24% uptick, clocking $8.26 billion. Per Cryptopolitan’s September analysis, Shiba Inu faces a critical test at its 200-day exponential moving average of $0.0000138. A decisive breakout could push prices toward the $0.000020 to $0.000024 range, while failure at this level means more consolidations and negative price pulls.

Want your project in front of crypto’s top minds? Feature it in our next industry report, where data meets impact.

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact [email protected] for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.
Share Insights

You May Also Like

Fullset Blockchain Conference 2025 Brings Web3 Leaders to Kyiv for a Day of Networking, Innovation, and Collaboration

Fullset Blockchain Conference 2025 Brings Web3 Leaders to Kyiv for a Day of Networking, Innovation, and Collaboration

More than 2,000 Web3 builders, founders, investors, and newcomers will gather on September 21 in the heart of Kyiv to connect, collaborate, and launch the next wave of blockchain projects.
Moonveil
MORE$0.09533-1.71%
Humans.ai
HEART$0.00599+4.99%
Share
The Cryptonomist2025/09/13 15:00
Share
WisdomTree Launches Tokenized Fund Offering Retail Access to Private Credit

WisdomTree Launches Tokenized Fund Offering Retail Access to Private Credit

Highlights: WisdomTree launches tokenized fund on Ethereum and Stellar with just a $25 minimum investment. CRDT fund tracks private credit vehicles, offering daily liquidity and blockchain access. Tokenized investing offers daily liquidity, fractional ownership, and real-world yield. Asset manager WisdomTree has launched a new digital fund that introduces private credit to blockchain. The WisdomTree Private Credit and Alternative Income Digital Fund (CRDT) is targeted for both retail and institutional investors, according to the statement on Friday. CRDT seeks to track the performance of a Gapstow Private Credit and Alternative Income Index (GLACI). This index covers 35 publicly traded private credit vehicles. It focuses on a diversified set of assets such as loans to private corporations and real estate investment trusts. WisdomTree Launches Tokenized Fund on Ethereum and Stellar The fund is tokenized on both the Ethereum and Stellar blockchain networks. These platforms provide speed, transparency, and improved access to users. By leveraging blockchain technology, WisdomTree enables alternative asset investing to be conducted on-chain. CRDT is WisdomTree’s latest addition to a growing list of tokenized funds. These funds collectively manage almost $900 million, mostly from institutional capital. But CRDT is distinguished for opening up private credit to everyday investors. A $1T+ asset class is starting to move onchain WisdomTree just launched CRDT, a tokenized private credit + alt income fund built on Stellar + Ethereumhttps://t.co/AS7YcSL3Bv — Build on Stellar (@BuildOnStellar) September 12, 2025 With only $25 remaining, retail users could jump on a market previously reserved for large institutions. This shift underpins wider portfolio diversification via alternative income sources. The idea is to democratize access while maintaining the standards of regulation. Investors can trade in CRDT via WisdomTree Prime and WisdomTree Connect, the firm’s digital platforms. These tools provide a seamless entry into real-world assets on-chain, with daily liquidity and full transparency of the assets and transactions. According to Will Peck, Head of Digital Assets at WisdomTree, “CRDT opens up access to one of the most coveted asset classes, alternatives, directly on-chain. We’ve brought on-chain investing to the next level.” Jeremy Schwartz, Global CIO at WisdomTree, noted that for four years, the firm has focused on making this space more accessible. Now, CRDT helps to deliver the modern yield potential in a blockchain-native structure. Tokenization of Private Credit Continues to Gain Traction WisdomTree’s latest offering is part of a wider institutional move towards tokenized financial product offerings. Goldman Sachs and BNY Mellon have recently launched tokenized money-market funds for institutional investors. Their offerings reflect an overall shift as traditional finance is increasingly integrating blockchain infrastructure. BNY’s LiquidityDirect and @GoldmanSachs’ Digital Asset Platform have collaborated to launch tokenized money market funds (MMFs). This significant initiative sets our clients on a path to access a new capability to increase the utility and potential transferability of MMFs in… pic.twitter.com/WJ1lv7m6T4 — BNY (@BNYglobal) July 23, 2025 The momentum across the financial sector is a growing appetite for real-world assets on-chain. Tokenized funds, from U.S. Treasuries to private equity, have surged in adoption, promising transparency and efficiency in investment processes. Data from RWA.xyz indicates that tokenized private credit instruments are now more than $16.7 billion in value. This growth indicates high demand by both retail and institutional investors for investment opportunities based on blockchain technology. Meanwhile, BlackRock has also dipped its toes into tokenization, launching its BUIDL money market fund and exploring ETFs for tokenized equities. Similarly, Nasdaq filed with the SEC in order to trade tokenized stocks along with traditional stocks. Tokenization makes it easier to access complex financial instruments by turning them into digital tokens. This development makes fractional ownership possible, increasing liquidity and ease of settlement while still adhering to financial regulations. eToro Platform Best Crypto Exchange Over 90 top cryptos to trade Regulated by top-tier entities User-friendly trading app 30+ million users 9.9 Visit eToro eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk. Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment, and you should not expect to be protected if something goes wrong.
Threshold
T$0.01693+2.98%
Union
U$0.01006+7.59%
TaskBunny
BNY$0.00218--%
Share
Coinstats2025/09/13 15:07
Share
Judge Stops Trump From Firing Fed Governor Lisa Cook – Here’s Why

Judge Stops Trump From Firing Fed Governor Lisa Cook – Here’s Why

The post Judge Stops Trump From Firing Fed Governor Lisa Cook – Here’s Why appeared first on Coinpedia Fintech News Recently, the Cook vs Trump legal battle took a turn when the Federal Reserve governor presented evidence. Lisa Cook declared in financial forms that her Atlanta property would be used as a “vacation home” and not her primary residence. This statement clearly dismisses President Trump’s allegations of “mortgage fraud.” Cook Declares Atlanta Property Vacation Home …
OFFICIAL TRUMP
TRUMP$9.364+6.22%
mETHProtocol
COOK$0.016094-0.57%
SphereX
HERE$0.000209-0.47%
Share
CoinPedia2025/09/13 16:07
Share

Trending News

More

Fullset Blockchain Conference 2025 Brings Web3 Leaders to Kyiv for a Day of Networking, Innovation, and Collaboration

WisdomTree Launches Tokenized Fund Offering Retail Access to Private Credit

Judge Stops Trump From Firing Fed Governor Lisa Cook – Here’s Why

Cops in Hong Kong Arrest Bitcoin Power Heist Technicians.

AlphaPepe emerges as retail traders’ top meme coin pick after $130,000 presale surge