Asterix Hack 2026 — $10M Exploit Analysis

Cross-chain bridge message forgery drained $10M across Ethereum and Arbitrum

Details

Full Description

On June 7, 2026, Asterix bridge between Ethereum and Arbitrum was exploited for $10 million. The attacker discovered a vulnerability in the cross-chain message verification system that allowed them to forge bridge messages. By creating fake deposit proofs on Ethereum, the attacker minted unbacked tokens on Arbitrum, which were then sold or used as collateral. Simultaneously, the attacker withdrew real assets from the Ethereum side using manipulated withdrawal proofs. The exploit went undetected for several hours due to insufficient monitoring.

Laundering Analysis

ARB tokens were sold through decentralized exchanges and bridged to Ethereum. ETH was consolidated and deposited into Tornado Cash. The attacker used multiple intermediate wallets and cross-chain bridges to fragment the trail. A portion of funds was sent to privacy-focused Layer 2 solutions. The complexity of cross-chain movements has made tracing difficult.

Sources

Related Hacks

Back to Browse