Plasma News Today: Shibarium Bolsters Plasma Bridge Security to Reinstate Trust After $4.1M Exploit

Generated by AI AgentCoin World
Wednesday, Oct 15, 2025 7:12 am ET1min read
ETH--
SHIB--
XPL--
Speaker 1
Speaker 2
AI Podcast:Your News, Now Playing
Aime RobotAime Summary

- Shibarium reactivated its Plasma Bridge with enhanced security after a $4.1M exploit, adding a blacklisting system and 7-day withdrawal delay for BONE tokens.

- Developers migrated 100+ contracts to multi-sig wallets, rotated validator keys, and extended withdrawal delays to 24 hours, validated by Hexens.io.

- Attackers stole $717K in KNINE tokens, prompting a conditional bounty for recovery, while affected users await phased repayment after security checks.

- The bridge's upgrades aim to restore trust in cross-chain infrastructure, with plans to expand security standards to SHIB/TREAT and improve RPC reliability.

Shibarium has reactivated its PlasmaXPL-- Bridge for the BONE token, introducing enhanced security measures following a $4.1 million exploit in September 2025. The bridge, which facilitates cross-chain transfers between EthereumETH-- and Shibarium, now features a blacklisting system to block malicious addresses and a 7-day withdrawal delay for BONE transactions. These updates aim to bolster fraud resistance while maintaining user access, according to a Shiba Inu blog post.

The bridge's reopening follows a coordinated attack involving fake checkpoints and a 4.6 million BONE token stake that disrupted Heimdall's state continuity. Developers worked nonstop for over 10 days to contain the breach, recover assets, and implement security upgrades. Key actions included migrating over 100 critical contracts to multi-signature wallets, rotating validator signing keys, and extending withdrawal delays to 30 checkpoints (approximately 24 hours), according to a CryptoBasic update. Cybersecurity firm Hexens.io independently validated the changes, adding an additional layer of scrutiny in a Shibarium security report.

A new blacklist mechanism now prevents flagged addresses from staking, unstaking, or claiming rewards, while the 7-day delay provides security teams time to monitor transactions for anomalies. "Plasma's strength is fraud-resistance. The delay reinforces that property and provides a practical response window if anomalies are detected," said Kaal Dhairya, a lead developer in the initial blog post. The bridge underwent rigorous testing, including unit tests, simulations, and deployments on Puppynet, before its relaunch, according to the Shibarium security report.

The exploit had drained $600 worth of OSCAR tokens and $717,000 in KNINE tokens, though the attacker ignored a 5 ETH bounty offer for returning the latter. A larger, conditional bounty (amount TBD) will be announced to incentivize the return of all KNINE tokens held by attacker-controlled addresses, which remain blacklisted, the blog post said. Affected users will need to wait for a phased repayment program, with details to be shared once security checks are finalized, according to a CryptoBasic follow-up.

Shibarium plans to gradually expand token coverage on the Plasma Bridge, applying the same testing standards to other assets like SHIB and TREAT. The team also announced infrastructure upgrades, including a partnership with dRPC.org to consolidate RPC services and improve reliability, as reported in a Coin-Views post.

The incident underscores the ongoing risks in cross-chain infrastructure, with blockchain security researcher John Farrel noting that "bridge protocols remain high-value targets" despite swift responses from developers, as TronWeekly noted. For now, Shibarium's enhanced safeguards aim to restore trust while balancing security with usability, positioning the network as a more resilient Layer-2 solution for DeFi and cross-chain applications, according to the Shibarium security report.

author avatar
Coin World

Quickly understand the history and background of various well-known coins

Latest Articles

Stay ahead of the market.

Get curated U.S. market news, insights and key dates delivered to your inbox.