Axelar Network Responds to Security Incident: Vulnerability Stemmed from Third-Party Token Contract's 'Infinite Minting' Issue

CoinFeed reported on June 20 that cross-chain protocol Axelar Network issued a statement regarding a recent security incident, clarifying that the community had misunderstood the event. Axelar Network itself and the IBC protocol were not attacked or compromised, and the affected token smart contract was not developed, deployed, or maintained by Axelar Network. The exploited contract was a forked version based on CW20-ICS20, but the developers removed two core security checks, leading to an 'infinite minting' vulnerability. By deleting the verification mechanisms originally designed to prevent such issues, the fork altered the contract's original trust model and did not undergo a new security audit.