On June 17, 2026, the Shade team was notified of an exploit affecting Axelar’s bridge to Secret Network. An attacker exploited a CW20 token contract used for Axelar’s wrapped assets on Secret — minting tokens that were never backed by real collateral — and used the Axelar bridge to drain roughly $4M in genuine assets. Approximately $600k of the affected assets had been deposited by users into Shade smart contracts.
We await the full post mortem from both the Axelar and Secret Network team.
A few things we want our community to understand clearly:
Shade did not deploy the exploited contracts. The compromised CW20 token contracts and the Axelar bridge they moved through are operated by Axelar integrated with official Secret Network deployed smart contracts. Shade integrated these assets in good faith four years ago in 2022, as did much of the Secret ecosystem, on the assumption that the underlying bridging infrastructure would operate safely.
The fraudulent mints moved across the Axelar bridge without being stopped. Tokens that were never backed were minted and bridged into real value. Bridge level safeguards are the appropriate place to detect and halt this class of attack, and that did not happen here.
Responsibility for the affected infrastructure sits with both Axelar and Secret. The compromised contracts and the bridge they crossed are theirs to operate and secure, and so is the path to recovery. Shade is engaged with both teams and will advocate for the strongest possible outcome for every impacted user.
Fund recovery discussions are led by Secret and Axelar. As the parties that control the affected infrastructure, they hold the path to recovering funds or making users whole. We’d ask that community questions on recovery be handled directly by Secret and Axelar, who are positioned to lead that process.
We’ll keep posting updates here as we learn more.
Axelar Tweet:
Secret Tweet: