Image credit: Shutterstock
Key Takeaways
- An attacker exploited a validation flaw in Syscoin’s bridge relay path, triggering the unauthorized minting of roughly 5 billion SYS tokens on the UTXO chain.
- The tainted tokens were split across two wallets; Syscoin has paused the bridge and is coordinating with exchanges to prevent the unauthorized balances from reaching open markets.
- SYS dropped more than 7% in the 24 hours following the incident, even as the broader crypto market rose more than 2%.
Syscoin paused its cross-chain bridge after an attacker exploited a validation flaw in the bridge relay path, resulting in the unauthorized creation of approximately 5 billion SYS tokens on the network’s UTXO chain. The project said it has identified the affected validation path, has a fix in place, and is coordinating with exchanges to prevent the tainted balances from reaching open markets.
A Faulty Proof Acceptance in the Bridge Relay Path Enabled the Mint
The exploit centered on the bridge relay path, which is responsible for verifying transactions moving between two chains. According to Syscoin, the relay path incorrectly accepted a fraudulent transaction proof and subsequently treated it as valid, triggering the unauthorized minting of roughly 5 billion SYS through the UTXO bridge path.
“An attacker exploited a validation issue in the bridge flow that resulted in an unauthorized SYS output being created on the UTXO side,” the project stated.
The unauthorized tokens initially arrived at a single address before the attacker moved and divided them into two separate tainted balances of roughly 4 billion and 1 billion SYS across distinct wallets. Syscoin described its findings as preliminary and urged users to refrain from interacting with the bridge while it remains paused.
Syscoin Says a Fix Is Ready and Remediation Path Is Being Finalized
Syscoin said the team has identified the affected validation path and has a fix prepared, with implementation and review currently underway.
“Our priority now is to complete implementation and review of the fix, while also determining the correct process to rectify the unauthorized SYS output and neutralize its impact on the network,” the project said.
“We will provide further updates once the remediation path has been finalized,” the project added. The team has not disclosed a timeline for when the bridge will reopen.
SYS Fell More Than 7% in the 24 Hours Following the Incident
According to market data, SYS declined more than 7% over the 24 hours following the incident, trading near $0.0016. The drop occurred against a broader market recovery that lifted total crypto market capitalization by more than 2% over the same period. Blockchain security firm PeckShield reported 40 hacks in May 2026, including 8 bridge and cross-chain exploits, according to its monthly security recap.
