Syscoin halts bridge after attacker creates roughly 5 billion unauthorized SYS outputs
Syscoin has paused its bridge after a security lapse allowed an attacker to generate about 5 billion unauthorized SYS outputs via the project’s UTXO bridge path, the team said in a preliminary postmortem.
What happened
- An exploit of a validation path in the bridge flow caused the system to incorrectly accept a transaction proof, producing SYS outputs that should not have existed.
- The attacker first consolidated the unauthorized funds to a single address, then spent and split them. Syscoin’s initial tracing shows two addresses holding the largest tainted balances: roughly 4 billion SYS and 1 billion SYS. The team has published the initial UTXO transaction, the subsequent spend, and the split transaction and is following the UTXO trail.
Immediate response
- The Syscoin bridge is paused while the team investigates, finalizes a fix, and decides how to neutralize the unauthorized outputs. Users are urged not to interact with the bridge while it remains offline.
- Syscoin says it has identified the affected validation path and has a fix ready; review and implementation are still underway. The incident is being treated as a top priority.
Coordination with exchanges and partners
- The project has contacted exchanges and ecosystem partners asking them to blacklist, freeze, or closely monitor deposits tied to the tainted outputs, and to watch descendant spends from the affected UTXO trail. The goal is to prevent the unauthorized SYS from being deposited, traded, or otherwise entering broader markets.
Market impact
- SYS was trading near $0.00165 after the update, with a market cap of about $9.7 million, per CoinGecko. The token is down sharply from its $1.30 all-time high and fell nearly 10% in the past 24 hours, reflecting weak market confidence following the incident.
Why it matters
- The incident underscores ongoing risks around cross-chain bridges and validation logic. Bridges routinely move value across different chains and environments, so validation errors can be especially costly when exploited. Bridge-related attacks continued to surface in 2026, and this event adds to that trend.
- Syscoin operates as a dual-layer blockchain—combining Bitcoin-style UTXO security with Ethereum-like smart contract capabilities—so the bridge links its native UTXO side with related infrastructure, making the bridge a critical attack surface.
What’s next
- The team will provide updates after implementing the fix and finalizing a remediation plan for the unauthorized outputs. In the meantime, Syscoin continues tracing the funds and coordinating with partners to limit their spread.
We will follow this story and report further details as Syscoin releases them.
Read more AI-generated news on: undefined/news
