Forged messages let attacker drain $815,000 from Alephium
Forged cross-chain messages bypassed Alephium’s TokenBridge guardians, allowing an attacker to steal about $815,000 in tokens from Ethereum and BNB Chain.
On May 30 an attacker used forged cross-chain messages to bypass Alephium’s TokenBridge guardian network and steal about $815,000 in tokens from Ethereum and BNB Chain in roughly seven minutes. The attacker also minted 13.76 million wrapped ALPH tokens that were not backed by reserves and moved them to a single address.
On the Ethereum side the attacker removed 200,967 Tether (USDT), 17,594 USD Coin (USDC), 5.18 Wrapped Ether (WETH) and 0.335 Wrapped Bitcoin (WBTC). On BNB Chain the attacker took 36,750 USDT and 24.386 Wrapped BNB (WBNB).
Alephium’s TokenBridge runs on a fork of the Wormhole protocol and relies on a guardian network that requires a quorum of guardian signatures to authorize cross-chain transfers. An Alephium update explained the breach did not appear to involve compromised guardian private keys and added: “The exploit does not appear to have involved a compromise of guardian private keys. Instead, it appears to have involved an exploit that allowed forged malicious events/messages to be observed and signed by guardians.”
Blockchain security firm Blockaid was the first to detect the exploit, and the Security Alliance’s SEAL_911 emergency response unit assisted in the investigation. Alephium shut down the TokenBridge after the attack and said it is exploring options to compensate affected users. The team plans to publish a full technical postmortem detailing the vulnerability and the sequence of events.
The incident follows other bridge and cross-chain losses this year. Losses from crypto hacks reached $606 million in April 2026. Separate incidents affecting CrossCurve and Hyperbridge were each revised to roughly $2.5 million in reported losses this year. A previous bridge exploit also involved fraudulent validation and the minting of unbacked tokens.
Alephium and external investigators will examine how the forged messages were constructed and why guardians accepted them before recommending software changes or governance adjustments. A detailed technical report is expected once the investigation is complete.








