The recent issue with Alephium, a Layer-1 blockchain, wasn’t caused by a hack of its security keys or a flaw in its code, despite initial reports. After security firm Blockaid raised concerns, the Alephium team clarified that the problem stemmed from something else entirely – not compromised keys, and not a smart contract exploit.
The Alephium team announced on X that a problem with the bridge was caused by a weakness in its underlying code, which could be exploited in rare situations. They quickly shut down the bridge after discovering the issue and have confirmed that no further transactions can be made through it, and the vulnerability has been fixed.
Blockaid, the first to identify the problem, has updated its initial findings. After further investigation and collaboration with the Alephium team, they now believe the issue wasn’t a security breach of private keys. Instead, it seems someone exploited a vulnerability that let them create and send fake, harmful transactions through the bridge.
This new information significantly changes what we previously understood about the recent issue. Earlier reports, including those from The Crypto Times, suggested the problem stemmed from hackers stealing three out of four crucial security keys, giving them control over the system. However, it now seems that initial understanding was based on limited and preliminary information available right after the incident began.
Full breakdown of drained assets
As a researcher following this situation, I can report that the Alephium team has fully detailed the assets that were improperly taken from the bridge connecting the two blockchains. They’ve provided a complete breakdown of everything that was drained.
The attacker stole a total of 200,967 USDT, 17,594 USDC, 5.18 WETH, and 0.335 WBTC on Ethereum. On BNB Chain, they took 36,750 USDT and 24.386 WBNB. These losses included funds from both users and the Alephium team.
Besides the stolen funds, about 13.7 million wrapped ALPH tokens were created on Ethereum without an equivalent amount being held securely on the Alephium blockchain. However, the team emphasized that the ALPH tokens stored directly within the bridge itself were not taken.
Users who had their ALPH tokens locked in the bridge when it shut down will be able to get their funds back. Alephium is creating a special process to help these users recover their ALPH.
With the bridge temporarily closed, the hacker can’t convert or transfer the stolen ‘wrapped ALPH’ tokens back through the official Alephium bridge. The team strongly advises users to avoid adding funds to ALPH trading pools on Ethereum or BNB Chain, and to immediately remove any funds they already have in those pools. They also recommend against trading with these pools on platforms like Uniswap or PancakeSwap. Adding more funds or making trades would only help the attacker profit from the stolen tokens.
Alephium pledges to compensate affected users
Alephium has confirmed it’s looking into ways to reimburse users who were impacted by the recent issue. Their goal is to fully cover any losses, and they’re dedicated to achieving this, though they recognize it will take time. Supporting affected users is still their top priority.
Alephium publicly thanked Blockaid for quickly identifying the security issue and for their ongoing help with the investigation. They also expressed gratitude to SEAL 911, the emergency security team, for their fast and effective response during the incident.
What comes next
The Alephium team is now completely dedicated to fixing the recent issues and minimizing the damage. They’re working non-stop and will share another update on Monday.
Next week, the team will share more details about getting ALPH back for users affected by the bridge issue, explain what happened with the exploit and why it occurred, and publish a full report on the incident.
The incident’s security impact is significantly different now that we know the problem was a weakness in the backend systems, not a compromised guardian key. A key compromise would have indicated serious flaws in how Alephium’s Wormhole guardians protected their signing processes.
Unlike a problem with the core bridge contracts themselves, an off-chain vulnerability means there’s a weakness in the supporting software that connects the bridge to its security network. This type of flaw could potentially impact other bridges built in a similar way.
The bridge is currently closed. If you have wrapped ALPH on Ethereum or BNB Chain, please don’t use any ALPH liquidity pools. If your ALPH is locked in the bridge, the team will announce a way to get it back next week, so please wait for that announcement.
Read More
- Off Campus Season 1 Soundtrack Guide
- X-Men ’97 Finally Gave Gambit the Hero Moment He Deserved
- Chainsaw Man Volume 24’s Cover Art Reveals a Brand-New Denji
- 46 Years Later, The Mandalorian & Grogu Answers A Major Empire Strikes Back Question
- HoI4 fans harsh reactions to the announcement of another DLC pack
- 10 Worst End-Game Couples In Sitcom History
- DoorDash responds after customer uses AI to make food look bad and get a refund
- Gold Rate Forecast
- Emily Henry Says to ‘Trust the Vision’ For Beach Read Adaptation
- Euphoria Season 3’s New R-Rated Sydney Sweeney Scene Proves The Show Is Trolling Us
2026-05-30 21:26