Hackers drained about $600,000 from Namada’s privacy pool, according to security researchers. The loss went unnoticed at first because blockchain tracking tools continued to show the funds as available even after they had been moved.
The issue came to light after analysts compared data from blockchain explorers with live network records. Their review showed that several assets had already been withdrawn from the protocol despite still appearing in the pool’s reported balances.
In a thread on X, security firm F12 said the incident affected Namada’s Multi-Asset Shielded Pool (MASP), which allows users to make private transfers across the Cosmos ecosystem. The firm said balances for tokens including ATOM, USDC, OSMO, TIA, and NYM remained visible on the indexer, while live blockchain data showed the assets had been drained.
The incident has raised questions about how quickly problems can be detected on privacy-focused networks when tracking data falls out of sync with actual blockchain activity. Namada had not issued a detailed statement on the matter at the time of publication.
Live data exposed missing assets
Data shared by F12 suggested that several assets held in Namada’s privacy pool had been completely drained. The firm’s comparison of blockchain explorer data with live network records showed that balances for tokens including ATOM, USDC, OSMO, TIA and NYM had fallen to zero, even though some explorers continued to display the funds as available.
F12 said the attacker appeared to target liquid assets that could be moved across the Cosmos ecosystem while leaving behind staked and less liquid holdings. To support its findings, the firm published wallet addresses, network endpoints and other data that could be independently verified.
DefiLlama has listed the event in its hacks database as a $600,000 exploit on June 19, 2026, classifying it as a Protocol Logic incident via an IBC Transfer Logic Exploit.
The sharp decline marked another setback for the pools, which had held more than $2.5 million at their peak earlier in 2025 before gradually losing value over the following months.
Cross-chain risks continue growing
The incident also sparked questions about Namada’s activity and oversight. Commenting on X, crypto researcher Usmann asked whether the project had been abandoned after what appeared to be a $600,000 drain from the privacy pool.
The case comes amid a broader wave of security breaches across the digital asset industry. In recent months, attackers have exploited vulnerabilities affecting multiple blockchain networks and cross-chain connections. Axelar disclosed a $4.67 million exploit linked to its connection with Secret Network, while mySwap lost about $300,000 after attackers manipulated its liquidity accounting system. Separately, blockchain security firm SlowMist reported a $2.21 million theft involving Aztec Network’s RollupProcessor contract.
The losses add to a growing toll from crypto-related attacks. Data from DefiLlama shows hackers have stolen roughly $16.6 billion from the sector over time, including about $7.8 billion from decentralized finance protocols. Cross-chain bridge attacks, which target the infrastructure used to move assets between blockchains, account for another $3.3 billion.
The latest incidents underscore the risks facing interconnected blockchain networks, where a weakness in a single protocol or bridge can expose users and assets across multiple ecosystems.
Also Read: Bitcoin Whale Dumps 800 BTC After 7 Months, Realizes $35M Loss
