Syscoin Suspends Bridge After Exploit Mints Billions of Unauthorized Tokens

Syscoin has temporarily suspended its Bridge service following a security incident that resulted in the unauthorized creation of approximately 5 billion SYS.

In its preliminary postmortem, the company said the issue originated from a validation flaw within the Bridge mechanism. This vulnerability allowed an attacker to submit invalid transaction proofs that were mistakenly accepted, leading to the minting of unauthorized SYS via the UTXO bridge.

Following the exploit, the affected tokens were moved across the UTXO chain and dispersed into separate streams, with around 4 billion SYS and 1 billion SYS linked to two flagged addresses.

In response, Syscoin reports that it has pinpointed the faulty validation component, developed a corrective fix, and is coordinating with exchanges and ecosystem partners to monitor, freeze, or blacklist the associated funds. The company has also urged users to refrain from using the Bridge while it remains paused.


Source: Syscoin
