Plasma News Today: Shibarium Bolsters Plasma Bridge Security to Reinstate Trust After $4.1M Exploit

Shibarium has reactivated its PlasmaXPL-- Bridge for the BONE token, introducing enhanced security measures following a $4.1 million exploit in September 2025. The bridge, which facilitates cross-chain transfers between EthereumETH-- and Shibarium, now features a blacklisting system to block malicious addresses and a 7-day withdrawal delay for BONE transactions. These updates aim to bolster fraud resistance while maintaining user access, according to a Shiba Inu blog post.

The bridge's reopening follows a coordinated attack involving fake checkpoints and a 4.6 million BONE token stake that disrupted Heimdall's state continuity. Developers worked nonstop for over 10 days to contain the breach, recover assets, and implement security upgrades. Key actions included migrating over 100 critical contracts to multi-signature wallets, rotating validator signing keys, and extending withdrawal delays to 30 checkpoints (approximately 24 hours), according to a CryptoBasic update. Cybersecurity firm Hexens.io independently validated the changes, adding an additional layer of scrutiny in a Shibarium security report.

A new blacklist mechanism now prevents flagged addresses from staking, unstaking, or claiming rewards, while the 7-day delay provides security teams time to monitor transactions for anomalies. "Plasma's strength is fraud-resistance. The delay reinforces that property and provides a practical response window if anomalies are detected," said Kaal Dhairya, a lead developer in the initial blog post. The bridge underwent rigorous testing, including unit tests, simulations, and deployments on Puppynet, before its relaunch, according to the Shibarium security report.

The exploit had drained $600 worth of OSCAR tokens and $717,000 in KNINE tokens, though the attacker ignored a 5 ETH bounty offer for returning the latter. A larger, conditional bounty (amount TBD) will be announced to incentivize the return of all KNINE tokens held by attacker-controlled addresses, which remain blacklisted, the blog post said. Affected users will need to wait for a phased repayment program, with details to be shared once security checks are finalized, according to a CryptoBasic follow-up.

Shibarium plans to gradually expand token coverage on the Plasma Bridge, applying the same testing standards to other assets like SHIB and TREAT. The team also announced infrastructure upgrades, including a partnership with dRPC.org to consolidate RPC services and improve reliability, as reported in a Coin-Views post.

The incident underscores the ongoing risks in cross-chain infrastructure, with blockchain security researcher John Farrel noting that "bridge protocols remain high-value targets" despite swift responses from developers, as TronWeekly noted. For now, Shibarium's enhanced safeguards aim to restore trust while balancing security with usability, positioning the network as a more resilient Layer-2 solution for DeFi and cross-chain applications, according to the Shibarium security report.