PANews, June 20 — Cross-chain protocol Axelar Network issued a statement regarding a recent security incident, clarifying that there are misunderstandings within the community. The Axelar Network itself and the IBC protocol were not attacked or compromised, and the affected token smart contract was not developed, deployed, or maintained by Axelar Network. The exploited contract is a forked version based on the CW20-ICS20 implementation, but the developer removed two core security checks, resulting in an “infinite minting” vulnerability. By deleting the verification mechanisms originally designed to prevent such issues, the fork altered the contract’s original trust model and did not undergo a new security audit.

Axelar Network further explained that anyone can deploy contracts for cross-chain asset wrapping via IBC, and similar contracts are also used to wrap tokens from other chains onto Secret Network. This incident is not a unique logic flaw, nor is it a problem with the IBC protocol itself, but rather a security risk introduced by modifications to a third-party contract.