Shibarium Hack

On September 12, 2025, Shibarium—an Ethereum L2 for Shiba Inu with $300M+ TVL—lost $2.3M in a flash loan attack mimicking staking to compromise 10/12 validators via key breaches, enabling fraudulent withdrawals of 224.57 ETH (~$1.05M), 92.6B SHIB (~$1.3M), ROAR ($284k), LEASH ($645k), TREAT ($50k), BAD ($17k), SHIFU ($10k), and 4.6M BONE (frozen via delegation), plus $700k KNINE (blacklisted by K9 Finance). PeckShield flagged; Shiba team paused staking/bridge (Ethereum transfers halted), contained via proxy-to-multisig shifts, and probed with Hexens/Seal911/PeckShield—offering white-hat leniency/bounty amid “parley” talks. Amid September’s $163M hacks (15% MoM rise), this validator spoof—planned months—exposes L2 governance risks, urging key decentralization, tx simulation, and audited upgrades to thwart $2.3M bridges in meme ecosystems.