Shibarium Developers Say Sophisticated Attack May Have Targeted Millions of BONE, Withdrawals Prevented

• Attack stopped: 4.6 million BONE purchase via flash loan blocked from withdrawal

• Validator signing keys were accessed, giving majority validator power briefly, but withdrawal failed due to delegation and unstaking mechanics.

• Security outcome: tokens remain locked; team response preserved network integrity and initiated an investigation.

Shibarium attack prevented: millions of BONE secured after a flash-loan exploit attempt — follow official updates from COINOTAG for details and safety steps.

What happened in the Shibarium attack?

Shibarium attack describes a sophisticated exploit attempt in which a hacker used a flash loan and gained access to validator signing keys to sign a malicious state aiming to drain bridge assets. The exploit was neutralized because the targeted BONE tokens were delegated and blocked by unstaking delays, preventing withdrawal.

How did the attacker attempt to steal millions of BONE tokens?

The attacker used a flash loan to buy 4.6 million BONE and leveraged compromised validator signing keys to obtain majority validator power. With that power they signed a malicious state intended to drain assets from the bridge. Delegation to Validator 1 and unstaking delays prevented the attacker from withdrawing the tokens.

How were the BONE tokens protected and what measures were taken?

The team’s immediate priority was protecting the network and community assets. Because the BONE contract was delegated to Validator 1, the attacker could not withdraw the tokens. Unstaking delays effectively locked the tokens, giving the team time to isolate and freeze the affected batch while an investigation continues.

Details of the recent attack

Kaal Dhairya, the right-hand developer to Shytoshi Kusama, described the incident as “sophisticated” and likely planned months in advance. The attacker executed a flash loan purchase of 4.6 million BONE and obtained validator signing keys to sign a malicious state intended to drain the bridge.

The delegation to Validator 1 prevented a successful withdrawal. Unstaking delays kept the tokens locked, and the team took urgent steps to freeze the impacted assets. The team emphasized transparency and committed to ongoing updates as the investigation proceeds.

Frequently Asked Questions

Was any user wallet balance drained during the incident?

No confirmed user wallet drains have been reported. The attacker targeted bridge-held assets and attempted to sign a malicious state, but delegation and unstaking mechanics prevented withdrawals and protected community funds.

How can I check if my assets on Shibarium are safe?

Check delegation status, monitor bridge contract states, and watch official team communications. If your assets are not part of the affected bridge batch and were held in non-bridge wallets, they are not reported as compromised.

Key Takeaways

• Exploit attempt thwarted: Flash loan and validator key compromise were used, but withdrawal was blocked.
• 4.6M BONE involved: The attacker purchased about 4.6 million BONE; tokens remain locked due to delegation and unstaking delays.
• Ongoing investigation: The team prioritizes network protection and will provide transparent updates as the probe continues.

Conclusion

The Shibarium incident demonstrates the importance of on-chain mechanics like delegation and unstaking delays in protecting assets. COINOTAG will continue to follow official team statements and provide factual updates as investigators assess the attack, and the community should monitor channels for verified security guidance.

Source: official team statements and the update issued by Kaal Dhairya (reported by COINOTAG).