BONE Surges 40% After Flash Loan Exploit Hits Shibarium
Shiba Inu’s layer-2 network, Shibarium, suffered a flash loan exploit on Wednesday that allowed an attacker to gain majority validator control, drain assets from its bridge, and temporarily halt staking operations.
According to Shibarium developer Kaal Dhariya, the attacker acquired 4.6 million BONE tokens—the network’s governance token—via a flash loan, giving them access to validator signing keys and majority validator power.
With this control, the attacker signed a fraudulent network state and siphoned funds from Shibarium’s bridge linking it to Ethereum. Because the BONE remains staked with an unstaking delay, the assets are still locked, providing developers a critical window to respond.
The Shibarium team has paused all staking and unstaking functions, moved remaining funds to a 6-of-9 multisig hardware wallet, and launched an internal investigation. The breach source—whether a compromised server or developer machine—remains unknown. Transaction data suggests losses near $3 million.
Security firms Hexens, Seal 911, and PeckShield are assisting, and law enforcement has been notified. Dhariya also extended a conditional offer to the attacker: return the funds, and no charges will be pressed, with a potential small bounty.
The market reacted sharply: BONE initially more than doubled in value before settling at a roughly 40% gain, while SHIB rose over 8%.
