coin-img-ETHETH-0.71%coin-img-BTCBTC-0.06%coin-img-SOLSOL-0.53%coin-img-XRPXRP-0.62%coin-img-USDCUSDC-0.02%coin-img-HYPEHYPE+6.55%coin-img-BNBBNB+0.14%coin-img-SUISUI-1.31%coin-img-ETHETH-0.71%coin-img-BTCBTC-0.06%coin-img-SOLSOL-0.53%coin-img-XRPXRP-0.62%coin-img-USDCUSDC-0.02%coin-img-HYPEHYPE+6.55%coin-img-BNBBNB+0.14%coin-img-SUISUI-1.31%coin-img-ETHETH-0.71%coin-img-BTCBTC-0.06%coin-img-SOLSOL-0.53%coin-img-XRPXRP-0.62%coin-img-USDCUSDC-0.02%coin-img-HYPEHYPE+6.55%coin-img-BNBBNB+0.14%coin-img-SUISUI-1.31%coin-img-ETHETH-0.71%coin-img-BTCBTC-0.06%coin-img-SOLSOL-0.53%coin-img-XRPXRP-0.62%coin-img-USDCUSDC-0.02%coin-img-HYPEHYPE+6.55%coin-img-BNBBNB+0.14%coin-img-SUISUI-1.31%

Alephium TokenBridge exploited: $815,000 stolen in under seven minutes

Alephium's (ALPH) TokenBridge has been hit by an exploit that drained about $815,000 after an attacker abused a flaw that let forged cross-chain messages pass the protocol's guardian network and approve unauthorized transfers. Alephium said blockchain security firm Blockaid was the first to spot the attack. The Security Alliance's SEAL_911 incident-response team also assisted during the investigation. The attacker moved assets from the bridge on both Ethereum and BNB Chain in roughly seven minutes. On Ethereum, losses included 200,967 Tether (USDT), 17,594 USD Coin (USDC), 5.18 Wrapped Ether (WETH), and 0.335 Wrapped Bitcoin (WBTC). On BNB Chain, another 36,750 USDT and 24.386 Wrapped BNB were taken. Alephium also reported that the attacker minted 13.76 million unbacked wrapped ALPH and sent the tokens directly to their wallet. The team has since shut down the bridge and said it is evaluating options to make affected users whole. In a May 30, 2026 statement posted via its official account, Alephium publicly thanked Blockaid for early detection and SEAL_911 for its responsiveness during the incident. The breach adds to a growing list of cross-chain and DeFi incidents in 2026. Crypto hacking losses totaled $606 million in April, while the May DeFi hack tally has continued rising heading into June. A CrossCurve bridge exploit and a Hyperbridge exploit, both revised to $2.5 million, have also added to the year's total. Alephium said its TokenBridge is built on a fork of the Wormhole protocol, which uses a guardian network to validate cross-chain messages. Transfers require a quorum of guardian signatures, making any ability to inject fraudulent messages a critical vulnerability. Early reports suggested compromised guardian private keys, echoing the Gravity Bridge key compromise that resulted in $5.4 million in losses earlier in 2026. Alephium's post-incident update disputed that account: "The exploit does not appear to have involved a compromise of guardian private keys. Instead, it appears to have involved an exploit that allowed forged malicious events/messages to be observed and signed by guardians," the team said. Alephium emphasized that the distinction is important: a key compromise points to operational security failure, while forged-message validation issues suggest a weakness in how inbound data was verified before being presented to guardians. The team said a full technical postmortem is forthcoming.
Selected
USDC
USDC-0.01%
WBTC
WBTC-0.11%
Disclaimer: The content above is only the author's opinion and does not represent BingX’s stance. It shall not be construed as investment advice from BingX. For details, refer to the Terms and Conditions.