The Adshares cross-chain bridge mints wADS on Ethereum when a privileged minter EOA submits a signed wrapTo() call referencing a deposit on the Adshares native chain. The Ethereum-side bridge contract trusts the minter's signature as the sole authorization for mint — it does not independently verify the existence of the referenced native-chain txid (no light-client proof, no Merkle inclusion check, no multi-signer quorum on the EVM side). Three wrapTo() calls were submitted with txids that do not exist on the Adshares native chain; the contract accepted the signatures and minted wADS to the attacker. Upstream cause — whether the minter private key was compromised, or the minter operator software was tricked, or this is an insider action — is not yet disclosed.
Adshares (@adsharesNet) lost approximately $628K when the cross-chain bridge minted wADS on Ethereum against three native-chain deposits that did not exist. The bridge-minter EOA signed three wrapTo() calls referencing non-existent Adshares-chain txids; the Ethereum bridge contract — which trusts the minter signature as authoritative rather than verifying the source-chain txid on-chain — accepted them and minted fresh wADS to the attacker. The attacker immediately dumped the wADS into Ethereum DEX liquidity for ~148.5 ETH and ~$305K USDC, consolidating into wallet 0x63e22ce9bde9bb8892a447258abfcaa4142f001b, which at time of intake held 286.95 ETH (~$625,601 at $2,180.15/ETH) plus dust token balances. Whether the minter key was compromised, the operator's signing software was bug-tricked, or an insider used legitimate access remains undisclosed pending post-mortem.
- chain
- ethereum
- protocol
- Adshares
- bug_class
- bridge
- date_occurred
- 2026-05-16
- loss_usd
- $628,000
- classification
- Bridge — Mint Validation
- technique
- Fake wrapTo() mints referencing non-existent source-chain txids
- target_type
- Cross-chain bridge
- bridge_hack
- YES
- source_id
- cb:adshares-bridge-mint-2026-05-16