Overview

• Users still cannot move assets back to Ethereum, and the team has set no reopening date as it prioritizes security over speed.
• The September 12 breach, first flagged by PeckShield, saw attackers gain control of 10 of 12 validators to approve fraudulent exits and withdraw about $2.3 million in ETH, SHIB, and ROAR.
• Developers report containment steps including immobilizing the attacker’s BONE stake, rotating validator signers, migrating controls to hardware-backed multisigs, and adding contract-level circuit breakers.
• Officials are withholding sensitive technical details and will issue updates only through verified channels to reduce risk and prevent scams.
• Asset recovery remains unsettled, with options under discussion such as law enforcement cooperation, bounty offers, treasury or insurance use, and potential token burns subject to community approval.