Shiba Inu’s Shibarium bridge suffered a $2.4 million flash loan attack on Friday, giving the exploiter control of 10 of 12 validator keys and allowing them to drain ETH and SHIB tokens from the network.
Developers quickly paused certain functions, secured remaining funds in a multisig hardware wallet, and are working with security firms to investigate the breach, which underscores the growing risk facing cross-chain bridges in DeFi.
Summary
- Shibarium bridge hacked, $2.4m in ETH and SHIB drained via flash loan exploit
- Hacker used 4.6m BONE loan, gained validator control, drained bridge contract
- Devs paused network, secured funds in multisig, and work with security firms
The exploit forced Shiba Inu (SHIB) developers to halt certain network activities while they assessed the damage.
The attacker borrowed 4.6 million BONE (BONE) tokens through a flash loan and gained access to 10 of 12 validator signing keys securing the network.
This gave the exploiter a two-thirds majority stake and allowed them to drain approximately 224.57 ETH (ETH) and 92.6 billion SHIB from the bridge contract before transferring the funds to their own address.
Shiba Inu dev: Attack was planned for months
Shiba Inu developer Kaal Dhairya described the incident as a “sophisticated” attack that was “probably planned for months.”
The attacker used their privileged position to sign malicious state changes and extract assets from the bridge infrastructure.
🚨 Shibarium Bridge Security Update 🚨
Earlier today, a sophisticated ( probably planned for months ) attack was carried out using a flash loan to purchase 4.6M BONE. The attacker gained access to validator signing keys, achieved majority validator power, and signed a malicious…
— Kaal (@kaaldhairya) September 13, 2025
The Shibarium team moved quickly to contain the breach, pausing stake and unstake functionality as a precautionary measure.
They transferred stake manager funds from the proxy contract into a hardware wallet controlled by a trusted 6-of-9 multisig setup.
The borrowed BONE tokens used in the attack remain locked in Validator 1 due to unstaking delays. This allows developers to freeze those funds. This delay mechanism may prevent the attacker from fully profiting from their exploit.
Shibarium is under damage control mode
Developer Dhairya noted they are currently in “damage control mode” and haven’t decided whether the breach originated from a compromised server or developer machine. The team is working with security firms Hexens, Seal 911, and PeckShield to investigate the incident.
Authorities have been contacted about the attack, but the team remains open to negotiations. They offered not to press charges if the funds are returned and indicated willingness to pay a small bounty for the assets’ recovery.
Cross-chain bridges have become prime targets for hackers due to their complex security models and large fund pools. The Shibarium incident joins a growing list of bridge exploits that have cost the DeFi ecosystem billions in losses.
The team plans to restore stake manager funds once secure key transfers are completed and validator control integrity is verified.
Full network functionality will resume only after confirming the extent of any validator key compromise and implementing additional security measures.
