Axelar Network Responds to Security Incident: Vulnerability Originates from Third-Party Token Contra

Cross-chain protocol Axelar Network has issued a statement regarding a recent security incident, clarifying that there is a misunderstanding within the community about the event. Axelar Network itself and the IBC protocol were not attacked or compromised, and the affected token smart contracts were neither developed, deployed, nor maintained by Axelar Network. The exploited contract is a fork based on CW20-ICS20, but the developers removed two core security checks, leading to an 'infinite minting' vulnerability. By eliminating the original verification mechanisms designed to prevent such issues, this fork altered the contract's original trust model and did not undergo a new security audit. Axelar Network further explained that anyone can deploy contracts for cross-chain asset encapsulation via IBC, and similar contracts have been used to encapsulate tokens from other chains into the Secret Network. This incident is not due to a specific logical flaw or an issue with the IBC protocol itself, but rather a security risk introduced by modifications to third-party contracts.