Shiba Inu’s decentralized finance platform K9 Finance, built on the Shibarium layer-2 network, has offered a 5 Ether ($23,000) bounty to the attacker behind a weekend exploit that drained about $2.4 million from its bridge. In an onchain message posted Monday, the team said the bounty offer will remain open for 30 days, with the reward beginning to decrease after seven days.
“Settlement is atomic when we call recoverKnine(). If you call accept() we cannot cancel the deal. Code is law,” the project wrote. The message urged the attacker to return stolen assets quickly. Shiba Inu developer Kaal Dhairya confirmed that authorities have been contacted, but the team remains open to negotiations with the hacker.
The attacker reportedly gained control of validator signing keys using a flash loan to acquire 4.6 million BONE tokens, giving them majority validator power. With this control, they signed a malicious transaction moving funds out of the bridge. In response, Shibarium developers paused staking and unstaking, moving stake manager funds into a multisig-controlled hardware wallet for additional security.
Dhairya said the team’s top priority is restoring network security and protecting user assets. Shiba Inu is collaborating with blockchain security firms including Hexens, Seal 911, and PeckShield to investigate the incident and prevent further breaches.
The exploit triggered steep declines across tokens in the Shiba Inu ecosystem. The flagship SHIB token fell about 7% from $0.0000145 to $0.0000131. The K9 Finance (KNINE) token dropped nearly 10% to $0.00000257. Meanwhile, governance token BONE suffered the sharpest decline, plunging 38% from $0.31 to $0.19.
The sell-off reflects market skepticism about Shibarium’s security architecture and its reliance on validator majority power, a structure increasingly seen as vulnerable in DeFi bridge design.
The Shibarium breach coincides with other high-profile crypto security incidents. Over the weekend, THORChain co-founder John-Paul Thorbjornsen lost $1.35 million after a meeting call scam compromised his personal wallet. Onchain sleuth ZachXBT traced the theft to a suspected North Korean-linked group, underscoring the wide range of attack vectors targeting individuals and protocols alike.
These events reinforce the broader vulnerability of decentralized ecosystems, where bridge exploits, phishing, and validator manipulation remain common. For protocols like Shibarium, the challenge will be implementing governance and technical safeguards strong enough to prevent repeat breaches.
