Skip to content
Est. MMXXVIVol. VI · № 312RSS
Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 312Bridge Exploit

Across Protocol Solana Bridge Attack

Cross-chain bridge Across Protocol was attacked on its Solana deployment; the team said user funds were safe with only Risk Labs operating funds potentially hit and no loss disclosed.

Date
Chain(s)
Status
Status Unknown

On July 17, 2026, cross-chain bridge Across Protocol disclosed that it had been attacked on its Solana deployment at roughly 5:30 AM UTC — the first security incident the protocol has publicly reported since launching in 2021, after more than $34 billion in bridged volume with no prior exploits. The team stated that user funds were safe, no users were affected, and all bridge transactions completed.

What happened

Across settles cross-chain transfers through an intents-and-relayer model: independent relayers front their own capital to fulfil a user's transfer on the destination chain and are later reimbursed from the protocol's pools, rather than users' assets sitting exposed in a single custodial bridge contract. According to the disclosure, that architecture contained the incident, limiting exposure to Risk Labs operating funds — Risk Labs being the entity that develops Across — rather than to bridge users or liquidity providers. No specific loss figure was disclosed, and the exact technical vector on the Solana side had not been detailed at the time of reporting. As a containment measure, Across disabled Solana deposits while stating the protocol was "otherwise operating unaffected."

Aftermath

Across said it was coordinating the trace with SEAL 911, the whitehat-and-security-researcher emergency response group that has become an early point of contact during live crypto incidents. Because the loss was reportedly absorbed at the Risk Labs level and user transactions settled normally, the practical impact on bridge users appears limited pending a fuller post-mortem. As of reporting no dollar loss had been confirmed and the status remains unknown.

Why it matters

Bridges have historically been among crypto's costliest single points of failure — from Wormhole and the Ronin bridge to Nomad and Multichain, each measured in the hundreds of millions. Against that backdrop, an incident where a bridge is attacked yet user funds stay whole is a notable data point: Across's design goal of pushing custody risk onto capital-fronting relayers instead of a monolithic escrow contract appears, on first reporting, to have blunted what a traditional lock-and-mint bridge might have turned into a catastrophic user-facing loss. The episode nonetheless punctures a four-year clean record and will hinge on the eventual post-mortem to confirm exactly what was reached and how.

Sources & on-chain evidence

  1. [01]cryptotimes.iohttps://www.cryptotimes.io/2026/07/17/across-protocol-reports-first-attack-on-solana-after-34b-in-bridge-volume/
  2. [02]en.bloomingbit.iohttps://en.bloomingbit.io/feed/news/116465

Related filings