RE: LeoThread 2025-09-13 12:20
UPDATE 13/09/25
Current details on the recent security breach👇
Execution of the Exploit:
• The intruder leveraged funds from a bridge hack to obtain 4.6M BONE within the same block, temporarily acquiring voting power for validators by attempting it in a single transaction, similar to a flash loan.
• This allowed the signing of a fraudulent state on Shibarium.
• The flash loan-like transaction was settled using assets taken from the bridge: 224.57 ETH & 92.6B SHIB.
• Notably, the BONE is still delegated to validators and thus is locked and not withdrawable.
Validator Breach:
• It appears 10 out of 12 validators' signing keys were compromised.
• Only the validators associated with specific entities declined to endorse the fraudulent state.
• Without the rapid loan of funds (buying and delegating $1m in BONE with hacked funds), the attacker would not have met the 2/3 majority needed.
Involved Assets:
• Compromised bridge assets: 224.57 ETH & 92.6B SHIB.
• The attacker tried to liquidate approximately $700K in KNINE, but all attempts were thwarted after a specific DAO multisig blacklisted their address.
• Other affected tokens (LEASH, ROAR, TREAT, BAD, SHIFU) have yet to be moved or sold.
Immediate Measures:
• Suspended staking/unstaking operations to safeguard community assets.
• Relocated stake manager funds from proxy contracts to a secure multisig wallet.
• Collaborated with expert firms for an extensive forensic review.
Upcoming Actions:
• Secure the transfer of validator keys and verify full chain security.
• Restore stake manager assets once safety is guaranteed.
• Continue collaboration with partners to immobilize funds linked to the attacker.
• Release a comprehensive incident report upon completing investigations.
Commitment:
The community expects transparency and responsibility.
Efforts are underway round-the-clock with prominent security partners to resolve this swiftly. Continue to stay patient—verified updates will be distributed promptly.