In an early morning incident on July 17, Across Protocol confirmed a targeted attack on its Solana bridge, sparking concerns across the crypto community. Thankfully, user funds remain intact, highlighting a critical aspect of the protocol's security measures.
The breach was detected around 5:30 AM UTC, prompting the team to swiftly disable Solana deposits as a precaution. Although the protocol continues to operate smoothly on other chains, such as Ethereum and Base, users will find their deposits on Solana temporarily unavailable.
Understanding the Attack
What sets this incident apart is that the potential losses seem confined to a specific segment of operations. The funds at risk are solely those linked to the relayer managed by Risk Labs, which supports Across Protocol. This is a notable distinction, especially in a sector where breaches often lead to widespread losses for users.
Across employs an intent-based architecture, where users express their wishes for token transfers between chains. A relayer, using its capital, fulfills these requests, assuming the risk. In this situation, it was the funds of Risk Labs that were at stake, not those of the users, making the impact relatively controlled.
It’s worth noting that this protocol utilizes an optimistic verification model driven by the UMA oracle. Transactions are presumed valid unless contested within a designated dispute period.
What’s Next for Across Protocol
A comprehensive post-mortem report is expected in the coming days. The team is collaborating with the crypto security firm SEAL_911 to keep tabs on any addresses associated with the attack. Previously, Across Protocol boasted over $35 billion in transactions without any security incidents, which now carries a caveat.
For investors currently using or considering the Solana bridge, the situation remains fluid. While funds appear secure, all deposits are halted, and users will need to wait for further updates on when operations might resume. The forthcoming analysis will shed light on whether this was due to a specific smart contract issue, a configuration error, or a flaw in the interaction between the UMA oracle and Solana.
This article is for informational purposes only and is not financial advice.



