Shiba Inu Team Confirms Shibarium Attack: 92.6B SHIB and 224 ETH Lost via BONE Validator Takeover

• The Shibarium bridge exploit drained 92.6B SHIB and 224 ETH after the attacker gained validator control via a flash loan tactic.
• SHIB team froze BONE, paused staking, and launched a forensic probe with partners to secure funds and restore chain integrity.

The Shiba Inu development team has confirmed a security breach on the Shibarium bridge that resulted in large asset losses. Official updates reported that 92.6 billion SHIB and 224.57 ETH were drained after the attacker gained control of validator keys through a flash loan-style exploit.

Investigations show the attacker used bridge funds within the same block to purchase 4.6 million BONE tokens. These tokens were delegated to validators, giving the attacker temporary voting authority. By doing this in one transaction, the attacker created conditions similar to a flash loan, repaying the borrowed amount with the stolen bridge assets.

Data shows a large-scale compromise of validator signing keys. Ten of the twelve validators signed the malicious state, with only K9 Finance and Unification validators refusing participation. The addition of the temporarily delegated BONE allowed the attacker to surpass the two-thirds majority limit needed for consensus.

Once in control, the attacker was able to redirect bridge assets, extracting both SHIB and ETH. The method exploited the consensus model rather than bypassing it, making the takeover possible within a narrow time frame.

Assets Affected and Failed Token Sale

The losses included 224.57 ETH and 92.6 billion SHIB. Beyond these, the attacker attempted to liquidate roughly $700,000 worth of KNINE tokens. The attempt was blocked when the K9 Finance DAO multisig blacklisted the wallet address, preventing further transactions.

Other tokens, including LEASH, ROAR, TREAT, BAD, and SHIFU, were impacted but remain unmoved. Importantly, the 4.6 million BONE tokens acquired during the attack remain delegated to validators and locked by staking rules. This restriction has prevented the attacker from withdrawing or transferring them.

Emergency Actions and Forensic Investigation

In response to the incident, Shiba Inu developers paused staking and unstaking functions on Shibarium. They transferred stake manager funds from proxy contracts into a secured 6-of-9 hardware multisig wallet. This measure aimed to protect community assets while the investigation continued.

Security firms Hexens, Seal911, and PeckShield were brought in to perform forensic analysis. The team also started an audit of validator key integrity and began working on secure transfers of validator responsibilities. Efforts to coordinate with external partners to freeze attacker-linked funds are ongoing.

Authorities were notified, and a full report is planned once investigations conclude. Developers confirmed that restoring full chain security remains the primary objective before resuming paused functions.

Community Safety and Next Steps

The SHIB team stated that protecting community holdings is the central focus of the current response. They also noted that network development, including the LEASH V2 migration and planned Shibarium enhancements, continues alongside security operations.

In response, the developers have committed to transparency and pledged to release verified updates as the investigation unfolds. They emphasized that all findings will be compiled into a final report for the community.

In an unusual move, the team stated that discussions with the attacker were possible. A proposal included not pressing charges and offering a bounty if stolen assets were returned. At present, the outcome of this approach remains uncertain.