Alephium TokenBridge Ethereum Cross-Chain Bridge Attacked, Approximately $815,000 in Assets Stolen in About 7 Minutes
The Alephium TokenBridge Ethereum cross-chain bridge was attacked, with the attacker controlling 3 out of 4 Guardian keys and forging a VAA to complete the attack.
In about 7 minutes, the attacker stole approximately $815,000 in assets, while minting 13.76 million Wrapped ALPH, exceeding the circulating supply before the attack by over 100%, and transferring USDT, USDC, WBTC, and WETH from the custody pool.
Market mechanisms have once again exposed risks in the multi-signature mechanism of cross-chain bridges, accelerating the flow of funds from centralized Guardian solutions to more decentralized security protocols. Alephium is under pressure from trust collapse and asset devaluation, while demand for cross-chain security audits and insurance services is surging.
Source: Public Information
ABAB AI Insight
Alephium previously launched TokenBridge as a Layer 1 project to achieve interoperability with Ethereum assets. This incident with the Guardian multi-signature highlights a common single point of failure in cross-chain protocols, similar to the historical risks exploited in the early Guardian mechanism of Wormhole.
In terms of capital pathways, the attacker forged verification messages and minted excessive Wrapped ALPH by controlling the majority of Guardian keys, motivated by exploiting vulnerabilities in cross-chain trust assumptions for rapid arbitrage, exposing structural weaknesses that even multi-signature designs rely on a few entities for control.
Similar cases include the $600 million loss of the Ronin bridge in 2022 due to majority private key control, and recent minting attacks on several bridging protocols due to compromised permissions; the cross-chain field is currently accelerating its transition from multi-signature Guardians to zero-knowledge and distributed verification.
Essentially, this represents a technological shift: cross-chain infrastructure is moving from reliance on a few Guardian keys to decentralized verification systems, where the mechanism of high-value asset custody amplifies attack returns, forcing protocol parties to reallocate capital to architectures resistant to majority compromise, thereby increasing overall DeFi security costs and reconstructing trust pricing.
ABAB News · Cognitive Law
3/4 Majority equals single point; trusting a few equals trusting risk.
The more assets, the more dangerous the bridge; the more centralized the mechanism, the easier the attack.
Excellent protocols sell decentralization, while weak protocols sell speed and convenience.