An attacker exploited a validation flaw in Syscoin’s bridge system, minting about 5 billion SYS tokens without authorization and sending the token’s price into a nearly 20% freefall. This incident was revealed by the Syscoin team in an early postmortem published on X, and it comes during a tough stretch for SYS, which was already deeply in the red across the last few weeks and months. What Happened According to Syscoin’s postmortem, the attacker exploited a validation issue in the bridge relay path, which incorrectly accepted or interpreted a transaction proof. That error caused the system to treat a fraudulent transaction as valid and create an unauthorized output of approximately 5 billion SYS, then valued at just under $10 million. Per the Syscoin team, the stolen funds were sent to the address sys1qgaelv…9wvcw and then split across two other wallets, one holding about 4 billion SYS and the other the remaining 1 billion. Syscoin immediately paused the bridge and has since contacted exchanges and ecosystem partners asking them to blacklist or freeze any deposits connected to the tainted UTXO trail and its downstream transactions. The team also said that it had identified the affected validation path and had put in place a fix pending security review and implementation. According to blockchain analytics account Hupzy, operated by Spot On Chain, the incident was a recurring structural problem. It also noted that while blacklisting by exchanges may contain the secondary damage, the reputational hit to the bridge model will persist. A Token Already Under Pressure The exploit couldn’t have landed at a worse time for SYS holders, considering that when it happened, the token was already down more than 43% in seven days and over 82% in the last month. A lot of that longer-term decline was already in motion after Binance delisted SYS last month alongside four other tokens following a review of its listing standards. Shortly after the delisting news broke, the Syscoin community responded by pulling well over 300 million SYS from the exchange, with over 600 new nodes reportedly added to the network. The attack on the Syscoin bridge is the latest in a string of cross-chain security incidents that have kept DeFi on edge. They include an $11 million exploit on the Verus network in May and the draining of $7.3 million from more than 1,400 DxSale liquidity pools on the BNB Chain. Luckily for Verus, the hacker later returned about $8.5 million, keeping $2.8 million for themselves as a white-hat bounty. The post SYS Drops 20% After 5B Unauthorized Tokens Minted in Syscoin Bridge Exploit appeared first on CryptoPotato .
