The Shiba Inu community recently faced one of the biggest setbacks after hackers emitted millions from Shibarium, the ecosystem’s Layer-2 blockchain.
For context, the attack took place on September 12th, wiping out roughly $2.4 million in ETH and SHIB. Previous Report from Crypto-based. Blockchain Security Platform Peckshield First It called for the public’s attention In Exploit.
How did the shiverium hack occur?
Shortly after the violation, entrepreneur Mario Norfal revealed how the exploit occurred. Specifically, he I explained it The attacker retrieved a flash loan worth around $1 million from the cyvas wap bone token.
Blockchain data Showed Attacker Parts used stolen funds to pay off your flash loan Maintain Profits of millions. They also tried to throw away nine tokens worth around $700,000, but all attempts failed after K9 Finance blacklisted their wallets.
As a result, an attacker cannot move or use the nine assets. Now, the K9 Team Attackers introduced 5 ETH Awards to return nine tokens, on-chain data show.
Meanwhile, in response to a wider exploit, the Shaibarium team has eased its infiltrating and freezing into the stage. It moved Stake managers fund a safer multi-signature wallet brought Security companies use Hexan, SEAL911 and Peckshield to investigate.
Markle Route Exploit
Additionally, security analysts revealed further information after the exploit. Tikkala Security, for example, said several signer keys linked to Shibaswap were leaked, resulting in an additional loss of around $2.8 million.
It appears that multiple signer keys are leaking in syvas waps, causing a loss of $2.8 million today on @Shibtoken. The attacker (https://t.co/b9pqigqivy) has withdrawn multiple times by providing legal Merklleaf exit requests from routes signed with 10 different addresses. “legal”…
-Tikkala Security (@tikkalaresearch) September 12, 2025
The report explained that the attacker abused the Merkle Route Checkpoint by inserting a seemingly valid route signed with 10 addresses. Once the route was published, the attacker was able to pass a false exit request legally, allowing more funds to be released in multiple transactions.
Pulse digital too Confirmed This explained that Mercuru effectively roots It will change to Shibaswap’s skeleton key Route Chain Manager contract. The contract treats routes as reliable, so when an attacker slips in the compromised version, they keep Fake evidence and pull assets Outside.
Pulse Digital stress this Kindness The weakness show Poor governance and weak Key management. They asked Syvaswap to publish a full timeline of incidents, publish a list of signer addresses, and delegate an independent audit.
Here’s the following: ShibaINU Ecosystem Team Responds
Meanwhile, developer Kaal Dhairya dealt with this situation and described the exploit as a carefully planned attack that had been working for several months.
He confirmed that the hackers purchased over 4.6 million bones through a flash loan, seized a baller signing the key, and signed a malicious condition and discharged the assets.
shibarium Shibarium Bridge Security Update🚨
Earlier today, a sophisticated (probably planned in a few months) attack was carried out, buying 4.6 million bones using a flash loan. The attacker gained access to the validator’s signature key, achieved a majority of validator power, and signed maliciously…
-kaal (@kaaldhairya) September 13, 2025
Dhairya pointed out that the stolen bones remain locked due to delays surrounding the unstained effort that the bones entrusted to Validator 1 have been delegated to. This gave the team the opportunity to freeze these funds. He said the team quickly paused its staking capabilities and moved stake manager funds to a hardware wallet protected by six of six multi-signature setups.
The developer noted that they are still working to determine whether the breach came from a server compromise or a developer machine. According to Dhairya, authorities are taking part in the investigation, but the team remains open to negotiating with hackers if they return stolen funds.
Shiba Inu Ecosystem Marketer Lucie explained Exploits as examples of social engineering; something That’s there I hit it Many previous cryptographic projects. She emphasized that developers work round the clock with security experts and law enforcement to secure their networks.
Following the exploit, the hacker moved the Shiba inu tokens to a central address and routed them to multiple wallets. in press Time, these wallets still hold tokens Each balance The range is from 8 billion to 10 billion shibe.
Shavedium Hacker Wallet
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
