Skip to content
Active Currencies: 17,423
Market Cap: $2.262T
Bitcoin Dominance: 56.18%
24h Market Cap Change: $1.18

$815K gone in 7 minutes – Inside Ethereum’s Alephium TokenBridge exploit

In just seven minutes, several assets were unlocked and millions of wrapped ALPH were created.

Written by Written by Ishika Kumari
Reviewed by Reviewed by Renuka Tahelyani
Updated May 31, 2026
Alephium TokenBridge exploited

Five months into 2026, and the attacks continue. Blockaid, a blockchain security company, discovered a new exploit targeting Ethereum’s Alephium TokenBridge on the 30th of May.

According to the investigation, three out of four compromised guardian keys that signed forged VAAs (Verified Action Approvals) were used to drain $815,000 in seven minutes.

How were guardian keys compromised? 

For context, the Alephium TokenBridge is a bridge that links Ethereum and the Alephium blockchain.

When users switch from Alephium to Ethereum [ETH], the real ALPH is locked on a single chain. Moving ahead, Ethereum is used to mint a wrapped version (wALPH).

Before allowing the mint to proceed, three guardians of the bridge confirm that the lock was indeed made. Additionally, to verify cross-chain transfers, the system uses guardian signatures.

For a transfer message to be approved by the bridge, three of the four guardians have to sign it. However, in the Alephium TokenBridge attack, the three guardian private keys were somehow obtained by the attackers.

After obtaining those keys, they fabricated phony bridge messages known as VAAs and made them seem authentic.

The ‘minting’ twist

In addition to minting ALPH, the forged VAAs gave the bridge instructions to release assets that were already arrested.

As a result of the attackers’ convincing the bridge that there had been valid withdrawals, Tether [USDT], USD Coin [USDC], Wrapped Bitcoin (WBTC), and Wrapped Ether (WETH) were unlocked.

Without making a real ALPH deposit, the attackers made 13.76 million wrapped ALPH. According to Blockaid, this was more than 100% of the previously available wrapped supply.

In other words, the attacker essentially produced a vast quantity of ALPH-backed assets out of thin air.

Similar attacks in the past

This resembles the Wormhole Bridge Exploit, in which attackers created assets that were never backed by collateral and forged bridge messages. 

Additionally, this followed a recent attack on the Verus-Ethereum bridge, which depleted approximately $11.58 million. 

Final Summary 

  • In this attack, three out of four compromised guardian keys resulted in the drain of $815,000 in just seven minutes.
  • The attackers minted 13.76 million wrapped ALPH without actually depositing any ALPH.
Disclaimer: AMBCrypto's content is meant to be informational in nature and should not be interpreted as investment advice. Trading, buying or selling cryptocurrencies should be considered a high-risk investment and every reader is advised to do their own research before making any decisions.

Ishika Kumari

Journalist

Ishika Kumari is a Crypto Analyst at AMBCrypto, specializing in regulatory developments, market dynamics, and blockchain’s real-world impact. She breaks down complex protocols and legislation into practical, easy-to-understand insights.

Related Articles

AMBCrypto
Facebook X Instagram Youtube Linkedin

AMBCrypto was founded in 2018 with a mission to simplify and bring the latest blockchain and cryptocurrency news to our readers. We have quickly grown into the digital news source for an emerging generation of cryptocurrency enthusiasts, reaching more than a million readers on a monthly basis, across the globe.