Shiba Network Targeted Through Flash Loan Attack
According to the project’s official X account, the attacker orchestrated the theft through Shibarium, the Layer-2 network designed to power the Shiba Inu ecosystem. By manipulating validator voting power, the hacker successfully deployed malicious code and siphoned funds from the network bridge.
UPDATE 13/09/25
What we know so far about the recent incident 👇
How the exploit was executed:
• The attacker used funds from the bridge hack in the same block as the attack to acquire 4.6M BONE to temporarily gain validator voting power, attempting to do it in one… https://t.co/4Ft1VMxeBv
— Shib (@Shibtoken) September 13, 2025
The breach began when the attacker obtained 4.6 million Bone ShibaSwap (BONE), Shibarium’s governance token, via a flash loan. This temporary surge in voting power gave them the two-thirds majority needed to push unauthorized software into the system.
Flash loans—instant, uncollateralized crypto loans repaid within a single transaction—are often used in legitimate arbitrage trading. However, they have increasingly become tools for sophisticated hacks, allowing bad actors to gain control of decentralized protocols without long-term commitments.
Once the malicious code was in place, the attacker drained the bridge of 224.57 ETH (≈ $1.03M) and 92.6 billion SHIB (≈ $1.27M). Other ecosystem tokens such as Doge Killer (LEASH), Shiba Inu TREAT (TREAT), and Shifu (SHIFU) were also affected, though these remain unmoved for now.
Shiba Inu Team’s Response
In immediate response, the Shiba Inu team paused staking and unstaking activities to safeguard community funds. They also shifted stake manager assets from proxy contracts to a “secure 6/9 hardware multisig” wallet, strengthening custody protections.
Blockchain security firm PeckShield has been brought in to lead a forensic investigation into the incident, while ecosystem developer Kaal Dhairya publicly extended an unusual olive branch to the attacker: “If the funds are returned, we will not press charges and are willing to consider a small bounty,” Dhairya stated.
What This Means for Holders
The hack underscores the risks tied to governance models that can be manipulated through flash loans. While the Shiba Inu team has acted swiftly to secure remaining funds and reassure holders, questions remain about the long-term security of Layer-2 networks built on community-led decision-making. Investors will watch closely to see whether the stolen funds will be returned or if this will mark another high-profile DeFi loss.
