Hackers drained nearly $815,000 from the Alephium Token Bridge on Ethereum. They minted 13.76 million ALPH tokens from the forged transactions, prompting the project to warn liquidity providers to withdraw their funds immediately.
This exploit adds to the growing number of bridge attacks that occurred in May. The Verus-Ethereum Bridge lost about $11.5 million in an attack on May 18, while Cryptopolitan reported earlier on May 30 that the Gravity Bridge lost $5.4 million, the same day Alephium’s TokenBridge was hit by an exploit.
What made the attack successful?
Blockchain security company Blockaid discovered the exploit It was reported that the attacker hacked three of the four keys protecting the bridge. When controlling the majority of the signature, the attacker forged Verified Action Acknowledgments (VAAs), which are cryptographic messages that allow cross-chain transfers.
According to Blockaid, the entire process took about seven minutes. The attacker used spoofed VAA services to mint 13.76 million wrapped ALPH, representing more than 100% of the token’s previously wrapped supply. Additional assets, including USDT, USDC, WBTC and WETH, have been unlocked from the bridge custodial contract.
On-chain analyst Specter noted that the attack hit the Ethereum Bridge and BNB Chain contracts. Specter stated that the attacker then transferred the stolen funds from the BNB chain to Ethereum, a portion of which had already been deposited into Tornado Cash, according to Specter’s analysis published on X.
Alephium denies principal settlement to trustee
However, Alephium provided further updates that contradict what Blockaid provided, saying: “The exploit was not caused by compromised custodian keys, contrary to some early external reports.”
According to the protocol, the exploit “resulted from an off-chain vulnerability in the bridge backend that can be triggered in specific edge cases.”
Alephium provided a breakdown of the funds drained across Ethereum and BNB, noting that 200,967 USDT, 17,594 USDC, 5.18 WETH, and 0.335 WBTC were taken from the former, while 36,750 USDT and 24,386 WBNB were taken from BNB.
Alephium asks LPs to withdraw
Alephium also warned anyone providing liquidity to ALPH pools on Uniswap or PancakeSwap.
In a follow-up update, the platform provided a comprehensive reason for asking users to withdraw liquidity, It is useful“Because the bridge is closed, the attacker cannot retrieve or staking these wrapped ALPHs back across the Alephium bridge. We therefore ask users not to provide liquidity to ALPH pools on Ethereum or the BNB chain, withdraw any existing liquidity, and not barter against these pools,” he said, adding that “additional liquidity or trading activity would increase an attacker’s ability to realize value from unauthorized wrapped ALPH.”
Alpha is It is currently trading at $0.037 With a market cap of over $5 million, while the total value locked (TVL) across Alephium’s DeFi protocols is around $756,000, it has over $308,000 in bridged TVL, per Devilama data.
The Alephium team stated that they are currently focused on recovery and remediation efforts and promised to share more updates in the next week.
A brutal month for bridges
The Alephium exploit adds to what has become a punishing stretch of cross-chain infrastructure.
the Breaking through the gravity bridgewhich was also reported on the same day, saw $5.4 million drained through what on-chain analysts suspect was a major contract compromise, Cryptopolitan reports.
About two weeks ago, the Verus-Ethereum Bridge lost $11.5 million in a verification bypass exploit, according to the DefiLlama hack database. Thorchen too It was subjected to a $10 million coordinated attack across Bitcoin, Ethereum, BNB Chain, and Base on May 15, as reported by Cryptopolitan.
Cross-chain bridges have seen increased attacks from bad actors recently, collectively losing more than $326 million in 2026 alone as of mid-May.
Bridge protocols account for $3.2 billion of the $16.6 billion in total value hacked across cryptocurrency history, according to DefiLlama, a disproportionate share given the relatively small number of bridge protocols compared to other DeFi categories.
The continued vulnerability of these platforms and the increasing frequency of attacks from April to May made this pattern difficult to ignore.
