Shiba Inu core developer Kaal Dhairya has issued a detailed security update following the September 12th incident, in which signing power on the Shibarium PoS bridge was misused to push through malicious exits and withdraw multiple assets. The post, published on September 21, 2025, outlines what happened, what has been done so far, and what will govern a gradual restoration once an independent review has concluded.
Shiba Inu Core Dev shares another update
In a personal introduction that framed both the technical and human aspects of the episode, Dhairya opened by distancing himself from the mantle of singular leadership, reiterating the original spirit that drives his work. “I want to clarify first: I’m not a ‘lead’. He added that I not only did I bet on Shiv’s spirit, but never did I ever do.”
The Shiba Inu core developer warned that, given the “sophistication of this attack”, the security of existing keys could not be guaranteed, and signaled fatigue with the expectation that individual contributors could “put everything together” without extensive structural support.
The incident account dates the event to 18:44 UTC on September 12th, “explaining how fraudulent verifier signature power was used to push out malicious conditions/exits through the POS bridge.” The method got withdrawals approved using malicious checkpoint/exit proofs, combining short-lived stake amplification with each update. On-chain activity linked to the attackers is said to include sales of some ETH, SHIB and ROAR, but the team is withholding the “evolving wallet graph” while it continues containment and coordination with authorities. “When I do that, I no longer release a completely technical story,” the post said.
Immediate measures include restricting certain bridge operations to prevent new unauthorized exits, upgrading and gating the contract pathways covering deposits, withdrawals, claims and compensation, and applying “targeted defensive controls against misuse of delegated stocks.” The team has retrieved and secured at-risk BONE at the stake manager level, and said short-term BONE financing under the attackers' control remains “effectively immobilized” by interventions and protocol mechanisms.
Key and custody hygiene measures include validator signer rotation and the transition of contract control to multiparty hardware custody, while live monitoring and automated alerts continue in coordination with exchanges, external security researchers, incident response firms and relevant authorities.
The update also includes frequently asked questions about validator compromise and operational accountability. Validator signing keys are “mainly stored on AWS KMS and rare usage on developer machines”, and ultimate responsibility for key management lies with operational leadership. Although no single intrusion vector has been identified, preliminary possibilities include compromise of developer machines, compromise of the cloud KMS, exposure during the AWS to GCP migration, or a supply chain attack via NPM.
The post acknowledges shortcomings in decentralization, underscored by the fact that “10 out of 12 verifiers” signed a malicious state, and commits to greater validator decentralization, stronger key rotation policies, custody improvements, and higher due diligence thresholds for sensitive access.
The roadmap preview lays out four gated phases. “Containment” remains ongoing through the limited bridge capabilities and live monitoring. “Hardening”, carried out in collaboration with Hexens, includes signer/validator hygiene, policy-level controls such as rate limiting, challenge windows and circuit breakers, and deny-list extensions where technically appropriate.
The “safe restore” will not start until an independent review signs off on the mitigations, a subsequent consistency check passes, and a drill succeeds in the test environment; restoration is then performed in phases, with rollback levers in place. Finally, a comprehensive technical postmortem will precede the remediation paths for affected users and liquidity communities, with the update saying these “may differ in token-specific approaches.”
The timeline remains intentionally unspecified. “We will not disclose the dates that enemies can take photos,” the team writes, reiterating that updates will be posted to official channels.
For Shiba Inu token holders and victims, the message is blunt: beware of fraud, ignore unverified “recovery/claim portals”, and expect the bridge restrictions to last “until you confirm that the restoration is safe.” Questions about bridging to Ethereum, the timing of the bridge reopening, validator rotation, and a full audit all get the same answer: safety first, with details to follow when security allows. Regarding fund recovery and potential rewards, the team said options are being evaluated and proposals for community review will be published “once viable and safe.”
The Shiba Inu developer closes by reaffirming the team's priorities and placing communication on a disciplined cadence. “Our priorities have not changed. We will protect users, protect our network, include attackers, and restore services safely.” The next major communications will be the technical postmortem and a remediation proposal, he writes.
At press time, Shiba Inu traded at $0.00001207.