Image credit: Unsplash
Secret Network’s bridge has reportedly been exploited for about $4.7 million after an attacker used an infinite-mint bug to create unbacked assets and drain available liquidity. The attack adds another bridge failure to a year already marked by cross-chain security losses.
Secret Network describes its infrastructure as a way to make tokens privacy-preserving through Secret Bridges and the SNIP-20 standard, which lets assets move into private token formats on the network.
Infinite Mint Bug Created Fake Supply
The exploit centered on a minting flaw rather than a direct theft from user wallets. The attacker was able to create bridge-linked tokens without proper backing, then use that supply to pull real liquidity out of connected pools.
That type of bug is dangerous because bridge systems rely on strict accounting between locked assets on one side and minted representations on the other. If the minting side breaks, an attacker can turn fake supply into real tokens before markets or operators react.
SNIP-20 Bridge Assets Carried the Risk
Secret Network’s bridge model is tied to private asset handling. The network says users can bridge tokens and make them privacy-preserving using SNIP-20 assets, placing bridge security at the center of how outside liquidity enters its ecosystem.
That makes the exploit more serious than a contained app bug. A bridge flaw can affect multiple assets, pools and downstream protocols because other markets may treat the minted token as valid until the exploit is detected.
Mint-and-Redeem Accounting Failed
Cross-chain bridges have been one of crypto’s most attacked infrastructure layers because they hold or represent assets across separate networks. The Secret exploit fits that pattern.
The damage did not come from normal market losses or a failed trade. It came from a failure in the bridge’s ability to control how many tokens could be created and redeemed. The incident again puts bridge minting controls and supply checks under scrutiny.
Users Await Affected Asset List
The next step is whether the Secret Network team can freeze affected contracts, identify remaining attacker funds and publish a full incident report. Users also need clarity on which assets were affected, whether any liquidity providers will be made whole and when bridge activity can safely resume.
Until then, the exploit leaves a gap in one of Secret Network’s main access points for external liquidity.
