The story of the bridge exploit on the Layer-1 blockchain Alephium has taken a sharp turn. Hours after blockchain security firm Blockaid flagged the incident and early reports pointed to a compromise of 3 of 4 guardian private keys, the Alephium team has come forward with a critical correction: the exploit was not caused by compromised guardian keys at all. It was not a smart contract exploit either.
According to a detailed update posted by the Alephium team on X, the root cause was an off-chain vulnerability in the bridge backend that could be triggered in specific edge cases. The bridge was shut down shortly after the exploit was identified, and the team confirmed that no new bridge transactions can be initiated and that the exploit path has been fully neutralized.
Blockaid, which was the first firm to detect and flag the exploit, also revised its earlier assessment. In a follow-up reply, Blockaid stated that based on additional information from its investigation and the Alephium team’s analysis, the exploit does not appear to have involved a compromise of guardian private keys. Instead, the firm said, it appears to have involved an exploit that allowed forged malicious events and messages to be pushed through the bridge.
This is a significant departure from the initial narrative. Earlier reporting, including from The Crypto Times, had attributed the exploit to three of four guardian keys being stolen, granting the attacker full bridge authority under the Wormhole quorum formula. That framing now appears to have been based on incomplete information circulated during the early hours of the incident.
Full breakdown of drained assets
The Alephium team provided a complete accounting of the assets illegitimately drained from the bridge across two chains.
On Ethereum, the attacker drained 200,967 USDT, 17,594 USDC, 5.18 WETH, and 0.335 WBTC. On BNB Chain, the losses included 36,750 USDT and 24.386 WBNB. The affected assets included both user funds and assets belonging to the Alephium team itself.
In addition to the drained assets, approximately 13.7 million wrapped ALPH tokens were minted on Ethereum without any corresponding ALPH locked on the Alephium chain. However, the team clarified a critical distinction: the ALPH held within the bridge itself was not drained.
This means users whose ALPH remained locked in the bridge at the time of the shutdown will be able to recover their funds. Alephium has committed to providing a dedicated recovery process for those affected users to reclaim their ALPH.
Because the bridge has been shut down, the attacker cannot redeem or bridge the unauthorized wrapped ALPH back through the Alephium bridge. The team has urged users not to provide liquidity to ALPH pools on Ethereum or BNB Chain, to withdraw any existing liquidity immediately, and not to swap against these pools on Uniswap or PancakeSwap. Any additional liquidity or trading activity, the team warned, would increase the attacker’s ability to realize value from the unauthorized wrapped ALPH.
Alephium pledges to compensate affected users
On the compensation front, Alephium stated clearly that it is exploring all available options to compensate affected users. The team said its objective is to make affected users whole and that it is committed to working toward that outcome. The team acknowledged that this process may take time but said that supporting affected users remains a priority.
Alephium issued a public thank-you to the Blockaid team for being the first to detect the exploit and for their continued support throughout the investigation. The team also thanked SEAL 911, the emergency security response group, for its assistance and responsiveness during the incident.
What comes next
The Alephium team said it is now fully focused on recovery and remediation efforts and is working around the clock to address the impact. The team confirmed that its next update will be shared on Monday.
Throughout next week, the team plans to release additional information regarding the recovery process for users with ALPH locked in the bridge, further details on the exploit and its cause, and a comprehensive postmortem.
The fact that the exploit turned out to be an off-chain backend vulnerability rather than a guardian key compromise changes the security implications of this incident considerably. A key compromise would have pointed to fundamental operational security failures in how Alephium’s Wormhole fork guardians managed their signing infrastructure.
An off-chain backend vulnerability, on the other hand, suggests a flaw in the software layer that sits between the guardian network and the bridge contracts, something that could potentially affect other bridge implementations running similar architectures.
For now, the bridge remains shut down. Users holding wrapped ALPH on Ethereum or BNB Chain should avoid interacting with any ALPH liquidity pools. Users with ALPH locked inside the bridge should wait for the dedicated recovery process the team has promised to announce next week.
