News linked to both this project and an event.
Syndicate Labs disclosed a security incident: an attacker compromised the system through a private key leak and maliciously upgraded the cross-chain bridge contracts on two chains, leading to the transfer of approximately 18.5 million SYND and about $50,000 in user assets. The attack originated from a compromised development endpoint. The attacker exploited production environment permissions to upgrade the bridge contracts to a malicious version, but other chains were unaffected. The losses include:Commons Bridge: Approximately 18.5 million SYND were transferred and sold, worth roughly $330,000.Another Appchain: Approximately $50,000 in user assets were transferred.Syndicate Labs stated that affected SYND holders will receive full compensation, along with additional excess compensation, leaving their overall holdings higher than before the incident. Affected users on the Appchain will also be fully reimbursed for their losses.
According to CertiK, Syndicate Protocol suffered an exploit due to a security breach in the Commons cross-chain bridge. The attacker exploited the vulnerability to acquire approximately 18.5 million SYND tokens, which were subsequently sold for roughly $330,000. The related funds have already been transferred to the Ethereum network via the cross-chain bridge. Syndicate’s official response states that it is investigating the security incident involving the Commons bridge. The team is tracking the attack and collaborating with security firms. It is also evaluating various options to compensate affected users. Syndicate holds sufficient token reserves to assist users who lost SYND.