TLDR:

The Shibarium tracker used bridge funds to acquire 4.6M BONE and briefly gain validator control before chain security was locked.

tracker 224.57 ETH and 92.6B SHIB were drained but validator-held BONE remains locked and cannot be withdrawn.

withdrawn. Ten of twelve validator keys were compromised while K9 Finance and Unification validators refused to sign malicious state.

Stake manager funds moved to a secure 6/9 multisig as forensic teams work on validator key transfer.



The Shibarium network is dealing with a breach that saw an attacker briefly gain validator control and drain funds from the bridge.

The event, flagged by security firm PeckShield, triggered a rapid response from Shiba Inu developers. They are working with external partners to trace the exploit and restore confidence in the network.

Immediate security measures were rolled out to protect the remaining assets. The team has promised a full incident report once the investigation is complete.

Shibarium Validator Keys Compromised and BONE Control Attempt

According to an update from the official Shib account on X, the attacker used funds from a previous bridge hack to buy 4.6 million BONE in one transaction. This gave them temporary validator voting power, enough to sign a malicious state on Shibarium.

The transaction was structured like a flash loan, and the borrowed funds were repaid with assets stolen from the bridge.

Investigators confirmed that 10 of 12 validators’ signing keys were compromised during the attack. Only validators operated by K9 Finance DAO and Unification refused to sign.

Without the flash-loan style BONE purchase, the attacker would not have met the two-thirds majority required to approve the malicious state.

The assets involved include 224.57 ETH and 92.6 billion SHIB drained from the bridge. The attacker attempted to sell around $700,000 in KNINE but failed after K9 Finance DAO blacklisted the address.

Other tokens such as LEASH, ROAR, TREAT, BAD, and SHIFU remain untouched at the time of reporting.

Security Measures and Next Steps for Shibarium

In response, Shibarium paused staking and unstaking functions to protect user funds. Stake manager funds were also transferred from proxy contracts to a secured 6-of-9 hardware multisig wallet. This move prevents further access until validator key control is fully restored.

Shiba Inu developers are collaborating with Hexens, Seal911, and PeckShield to run a full forensic investigation of the exploit. They plan to initiate secure validator key transfers and confirm the chain’s integrity before restoring normal operations.

The team stated they are coordinating with partners to freeze funds linked to the attacker and working around the clock to complete the investigation. They reiterated their commitment to transparency and will release a comprehensive report with findings and future measures once the process concludes.

