Overview

• Core developer Kaal Dhairya says attackers temporarily controlled 10 of 12 validator signing keys to force fraudulent exits from the PoS bridge.
• Bridge functions remain restricted as teams rotate validator signers, shift contract control to multi-party hardware custody, and immobilize attacker-linked BONE stake.
• Public loss estimates diverge, with PeckShield citing roughly $2.3 million and other reports referencing about $4 million, including ETH, SHIB, and ROAR among affected assets.
• A four-phase roadmap outlines containment, hardening with external firm Hexens, gated restoration only after independent sign-offs, and a full postmortem with a remediation proposal.
• Investigators are weighing recovery paths such as bounties, law-enforcement cooperation, and treasury or insurance options, and users are warned to ignore unverified recovery portals.