An attacker exploited a validation flaw in Syscoin’s bridge system, minting approximately 5 billion SYS tokens without authorization and driving the token’s price down by nearly 20%.
Syscoin disclosed the incident in an early postmortem shared on X, noting it occurred during an already difficult period for SYS, which had been under significant selling pressure in recent weeks and months.
What Happened
According to Syscoin’s postmortem, the attacker took advantage of a validation issue in the bridge relay path that incorrectly accepted or interpreted a transaction proof. That flaw allowed the system to treat a fraudulent transaction as valid and create an unauthorized output of roughly 5 billion SYS, which was valued at just under $10 million at the time.
Syscoin reported that the stolen funds were first sent to the address sys1qgaelv…9wvcw and were subsequently split across two additional wallets — one holding about 4 billion SYS and the other holding the remaining 1 billion SYS.
In response, Syscoin immediately paused the bridge and reached out to exchanges and ecosystem partners, requesting that they blacklist or freeze any deposits linked to the tainted UTXO trail and its downstream transactions. The team said it identified the affected validation path and implemented a fix that is pending security review and deployment.
Blockchain analytics account Hupzy, operated by Spot On Chain, described the incident as a recurring structural issue. Hupzy added that while exchange blacklisting may help contain secondary damage, the reputational harm to the bridge model is likely to remain.
A Token Already Under Pressure
The exploit came at a particularly bad moment for SYS holders. At the time of the incident, SYS was already down more than 43% over seven days and over 82% in the previous month.
A significant portion of that decline had begun after Binance delisted SYS last month alongside four other tokens following a review of its listing standards. The delisting prompted the Syscoin community to withdraw more than 300 million SYS from the exchange and reportedly spurred the addition of over 600 new nodes to the network.
This attack on the Syscoin bridge is the latest in a series of cross-chain security incidents that have unsettled the DeFi sector. Recent examples include an $11 million exploit affecting the Verus network in May and the draining of $7.3 million from more than 1,400 DxSale liquidity pools on the BNB Chain.
In the Verus incident, the exploiter later returned roughly $8.5 million and kept $2.8 million, which was framed as a white-hat bounty. That outcome highlights the varied resolutions seen after major bridge and cross-chain exploits.