UPDATE 13/09/25 What we know so far about the recent incident 👇 How the exploit was executed: • The attacker used funds from the bridge hack in the same block as the attack to acquire 4.6M BONE to temporarily gain validator voting power, attempting to do it in one transaction like a flash transaction • With this, they were able to sign a malicious state on Shibarium. • The flash loan-like transaction was repaid using assets drained from the bridge: 224.57 ETH & 92.6B SHIB. • Importantly, because the BONE remains delegated to validators, it is currently locked and cannot be withdrawn. Validator compromise: • Evidence indicates 10 of 12 validators’ signing keys were compromised. • Only @K9finance and @UnificationUND validators refused to sign the malicious state. • Without the flash loan, ($1m BONE bought and delegated in 1 transaction using the hacked funds) the attacker would not have achieved the required 2/3 majority. Assets affected: • Bridge assets: 224.57 ETH & 92.6B SHIB. • The attacker attempted to sell ~$700K in KNINE but all attempts failed after @K9finance DAO multisig blacklisted their address. • Additional tokens impacted (LEASH, ROAR, TREAT, BAD, SHIFU) have not been moved or sold at this time. Immediate actions taken: • Paused stake/unstake functions to protect community assets. • Transferred stake manager funds from proxy contracts to a secure 6/9 hardware multisig. • Partnered with Hexens, Seal911, and PeckShield for a full forensic investigation. Next steps: • Secure validator key transfers and confirm full chain integrity. • Restore stake manager funds once security is assured. • Continue coordinating with partners to freeze attacker-linked funds • Publish a full incident report once investigations conclude. Our commitment: The #ShibArmy deserves clarity and accountability. This is a fast-moving investigation, and we are working around the clock with leading security partners. Please bear with us — verified updates will be shared as soon as possible. Attacker address: https://t.co/RkF74BCioL