Shibarium Bridge Exploit (September 2025) - The attack leveraged complex flash loan strategies combined with compromised validator keys (10 out of 12 validators affected), siphoning approximately $2.4M–$4.1M from the bridge contract (reports vary slightly due to timing and valuation). The attacker temporarily borrowed around 4.6M $BONE to gain majority voting power, signed a malicious state, and withdrew assets.

List of stolen tokens (compiled from official SHIB team updates, PeckShield report, and on-chain details across sources):

- $ETH: Approximately 224.57 ETH

- $SHIB: Approximately 92.6 billion SHIB

- $KNINE (K9 Finance): Approximately $717K (most of which has been frozen/added to blacklist by K9 DAO, making it unsellable)

- $LEASH (Doge Killer): Approximately $680K–$645K

- $ROAR: Approximately $260K–$284K

- $TREAT (Shiba Inu TREAT): Smaller amount (affected but not yet transferred/sold in initial reports)

- Other tokens (smaller amounts, limited transfers): $USDC, $USDT, $DAI, $WBTC, $BAD (Bad Idea AI), $SHIFU, $FUND/xFUND, $LTD, $OSCAR

Total: Impact on 17 different tokens. The attacker sold/converted some stablecoins, but KNINE cannot be liquidated due to blacklisting. Many other tokens remain untransferred or frozen. The team offered a bounty (initially up to 50 ETH, later reduced) in exchange for return, but the hacker refused. Recovery efforts evolved into the "Shib Owes You" (SOU) framework: SOU NFTs built on Ethereum serve as on-chain proof of owed amounts to victims, combined with community-driven layers (such as donations and transaction fees) to fund repayment.