Axelar responds to security incident: Axelar and IBC are unaffected; the vulnerability stems from an "unlimited minting" issue in a third-party token contract.

Odaily Planet Daily reports that Axelar Network, a cross-chain protocol, issued a statement regarding the recent security incident involving Secret Network. The statement clarified that there was a misunderstanding within the community. Neither Axelar nor the Inter-Blockchain Communication Protocol (IBC) was attacked or compromised. The affected token smart contracts were not developed, deployed, or maintained by Axelar, and Axelar's firewall mechanisms prevented the impact from spreading further to other chains. It is understood that the exploited contract was a fork based on CW20-ICS20, but the developers removed two core security checks, leading to an "infinite mint" vulnerability. Because the verification mechanisms originally designed to prevent such issues were removed, the fork altered the original trust model of the contract and was not subject to a new security audit. Axelar Network explained that anyone can deploy contracts for cross-chain asset encapsulation via IBC, and similar contracts have been used to encapsulate tokens from other chains into Secret Network. However, the Secret-side fork version in this incident had a vulnerability due to the removal of critical security checks. This incident was not a unique logical flaw, nor was it a problem with the IBC protocol itself, but rather a security risk introduced by modifications to the third-party contract.