Shiba Inu’s Layer 2 network, Shibarium, came under fire on Friday after a coordinated flash loan attack exploited its bridge to Ethereum, draining nearly $3 million in tokens and triggering an emergency developer response.
Key Takeaways:
Shibarium’s bridge was exploited in a flash loan attack, draining nearly $3 million in ETH, SHIB, and KNINE tokens.
The attacker gained two-thirds validator control by flash-loaning 4.6M BONE, enabling them to finalize fraudulent checkpoints.
Developers paused staking and brought in security firms, while hinting at a potential bounty offer if the funds are returned.
According to Shiba Inu developer Kaal Dhairya, the attacker used a flash loan to borrow 4.6 million BONE, the governance token of Shibarium, and managed to gain access to 10 out of 12 validator signing keys.
That control gave them the two-thirds consensus required to finalize fraudulent checkpoints on the network’s consensus layer, Heimdall.
Shibarium Attacker Drains $2.4M in ETH and SHIB
With majority control in place, the attacker proceeded to drain around 224.57 ETH and 92.6 billion SHIB tokens from the Shibarium bridge contract, collectively worth approximately $2.4 million at the time.
A further $700,000 in KNINE tokens tied to K9 Finance were also impacted. However, K9 Finance’s DAO moved swiftly to blacklist the attacker’s address, rendering the KNINE tokens unsellable.
In response to the breach, Shibarium developers halted staking and unstaking across the network.
Because the attacker’s borrowed BONE tokens remain subject to an unstaking delay, developers were able to freeze the position before full exit, effectively locking the attacker out of validator control for the time being.
Dhairya described the exploit as “sophisticated” and suggested it was likely “planned for months.”
He confirmed that law enforcement has been contacted and that security firms Hexens, Seal 911, and PeckShield are now involved in the investigation.
He also left the door open to negotiations, stating that if the attacker returns the funds, a bounty might be considered in lieu of legal action.
Community researcher Zilayo on X provided a technical breakdown of the incident, pointing to suspicious validator behavior tied to Ryoshi Labs.
The fraudulent checkpoint was signed by 10 validators who controlled around 40% of the stake.
Once the attacker delegated the flash-loaned BONE to Ryoshi’s validator, the weighted stake surpassed 66%, enabling a full consensus takeover.
The price of BONE spiked in the immediate aftermath of the attack, briefly rising from $0.165 to $0.294 before settling back around $0.202.
SHIB, meanwhile, is up 4.5% in the past 24 hours, driven in part by renewed attention following the breach.
Bitcoin Hacks, Thefts Cost Investors $2.2B in H1 2025: CertiK
Crypto investors lost over $2.2 billion to hacks, scams, and breaches in the first half of 2025, driven largely by wallet compromises and phishing attacks, according to CertiK’s latest security report.
Wallet breaches alone caused $1.7 billion in losses across just 34 incidents, while phishing scams accounted for over $410 million across 132 attacks.
Two major incidents, including Bybit’s $1.5 billion hack in February and Cetus Protocol’s $225 million exploit in May, skewed the year’s losses upward, together accounting for nearly $1.78 billion.
Without these, losses align more closely with previous years at around $690 million.
Ethereum remained the primary target, suffering over $1.6 billion in losses across 175 events.
The post Shiba Inu’s Layer 2 Shibarium Targeted in Flash Loan Attack, Nearly $3M Drained appeared first on Cryptonews.
