Syscoin Cross-Chain Bridge Exploited, 5B SYS Tokens Affected
Severity: High (Score: 69.0)
Sources: Kucoin, Chaincatcher, Panewslab
Published: · Updated:
Keywords: syscoin, bridge, involving, incident, cross-chain, billion, service
Summary
Syscoin reported a security incident involving its cross-chain bridge, resulting in the unauthorized creation of 5 billion SYS tokens. The attack exploited a validation vulnerability in the bridge process, allowing the attacker to generate unauthorized outputs on the UTXO side. The affected funds were subsequently transferred and split, with 4 billion SYS linked to two tainted addresses. Syscoin has paused the bridge service and is working on a fix while coordinating with exchanges to blacklist and monitor the affected tokens. Users are advised to refrain from interacting with the bridge until it is restored. The incident highlights significant vulnerabilities in cross-chain transaction validation. Key Points: • 5 billion SYS tokens were unauthorizedly created due to a validation vulnerability. • Syscoin has paused its cross-chain bridge service and is investigating the incident. • Users are advised not to interact with the bridge until further notice.
Detailed Analysis
**Impact** Approximately 5 billion SYS tokens were affected by the incident, with 4 billion and 1 billion SYS linked to two major tainted addresses. The cross-chain bridge service has been suspended, impacting users and ecosystem partners relying on the bridge for token transfers. Exchanges and partners are involved in freezing or blacklisting deposits related to the compromised UTXO outputs. No specific geographic or sectoral impact details are provided. **Technical Details** The attacker exploited a validation vulnerability in the cross-chain bridge’s verification process, specifically within the UTXO Bridge path, causing the system to incorrectly accept transaction proofs and generate unauthorized SYS outputs. The attacker transferred and split the affected tokens after creation. No CVEs, malware, or additional infrastructure details were disclosed. Indicators of compromise include the two major tainted addresses holding the stolen tokens. **Recommended Response** Defenders should maintain the suspension of the bridge service until the validation fix is fully implemented. Exchanges and ecosystem partners must blacklist, freeze, or monitor deposits linked to the tainted UTXO trail. Users are advised not to interact with the bridge during the ongoing investigation and remediation. No specific patches or detection signatures were provided; monitoring for transactions involving the known tainted addresses is critical.
Source articles (3)
- The Syscoin cross — Panewslab · 2026-06-08
PANews reported on June 8th that Syscoin issued an update on its X platform regarding a recent cross-chain bridge security incident involving 5 billion SYS tokens. The bridging service is currently su… - Syscoin cross-chain bridge遭遇攻击, involving approximately 5 billion SYS, bridge service ... — Chaincatcher · 2026-06-08
Syscoin posted on platform X to provide the community with a preliminary update regarding the recent cross-chain bridge security incident involving 5 billion SYS tokens. The bridging service has been… - Syscoin reports Bridge incident involving about 5B unauthori — Kucoin · 2026-06-08
Syscoin reports Bridge incident involving 5B unauthorized SYS outputs Syscoin said in a preliminary postmortem that its Bridge has been paused after a security incident involving 5B SYS. According to…
Timeline
- 2026-06-08 — Syscoin reports bridge incident: Syscoin disclosed a security incident involving 5 billion unauthorized SYS outputs due to a validation issue in the bridge process.
- 2026-06-08 — Bridge service suspended: The Syscoin team has suspended the cross-chain bridge service while investigating and fixing the vulnerability.
- 2026-06-08 — Coordination with exchanges initiated: Syscoin is working with exchanges to blacklist and monitor deposits related to the tainted UTXOs.
Related entities
- Data Breach (Attack Type)
- Syscoin (Company)
- CWE-20 - Improper Input Validation (Cwe)