Key Highlights
- Alephium burned unauthorized wALPH tokens held by the attacker after the bridge exploit.
- Around 500,000 unbacked wALPH were sold on Uniswap before the burn and will be backed with native ALPH.
- The project is considering a full bridge relaunch after completing extensive security reviews.
Alephium, a layer-1 proof-of-work blockchain, has taken decisive action following a bridge exploit by burning unauthorized wrapped ALPH (wALPH) tokens held by the attacker.
In an official update posted on June 3, 2026, Alephium detailed the latest developments regarding the bridge incident. The team confirmed that the unauthorized wALPH in the attacker’s wallet was burned on June 2.
However, 500,000 unbacked wrapped ALPH had already been sold on the decentralized exchange Uniswap prior to this action. To address the resulting shortfall, Alephium stated it will inject the native ALPH to ensure these tokens remain fully backed.
Full relaunch of bridge operations expected
According to the update, the most likely next step is a full relaunch of bridge operations once security measures are verified. The team believes this approach offers the fastest, safest, and simplest route for users to redeem their assets through the original bridge mechanism. A separate redemption process for wALPH holders remains an option if the bridge relaunch faces delays.
Alephium emphasized that the vulnerability exploited in the attack has been fixed. However, the project is conducting extensive security reviews and assessments before proceeding with any relaunch. “We prioritize security over speed,” the team noted.
The project has promised a full postmortem report in the coming days, which is expected to provide more technical details on how the exploit occurred, the total amount drained, and lessons learned. Further updates on the timeline for the bridge relaunch will also be shared.
Attack approximated $815k loss in assets
On May 30, 2026, Alephium’s TokenBridge was exploited across the Ethereum and BNB Chain networks, resulting in a loss of approximately $815,000 in assets.
The attacker did not steal any guardian private keys. Instead, they deployed a fake contract that generated forged messages, which were then used to create counterfeit Verified Action Approvals (VAAs). By temporarily disrupting connectivity to the bridge nodes, the hacker forced the system into a fallback validation mode and successfully tricked the guardians into approving unauthorized transfers.
The attacker drained multiple assets from the bridge’s escrow pool, including USDT, USDC, WETH, and WBTC. In addition, they minted roughly 13.76 million unbacked wrapped ALPH (wALPH) tokens, an amount that exceeded Alephium’s entire circulating supply at the time. The entire exploit unfolded in about 7 minutes, with the main draining of funds completed in just over 60 seconds.
Cross-chain bridges suffers multiple exploits
The bridge incident comes at a time when the broader crypto industry continues to grapple with infrastructure security. Cross-chain bridges have suffered multiple high-profile exploits in recent years, resulting in losses totaling hundreds of millions of dollars across various protocols.
For users holding wALPH or those who had assets in the Alephium bridge, the project advised monitoring official channels for further instructions. No immediate action is required from users at this stage, but those concerned about their positions are encouraged to follow future announcements regarding redemption processes.
Also Read: Kalshi Brings Bitcoin Perps to the U.S. No Expiry, No Fees for Now
