Across Protocol confirms Solana bridge attack, says user funds are safe
The cross-chain bridge protocol disabled Solana deposits after an early morning exploit, with potential losses limited to its own relayer operations.
Across Protocol, one of the largest cross-chain bridge platforms in crypto, confirmed on July 17 that its Solana bridge deployment was hit by an attack. The good news: user funds appear untouched. The less good news: it’s another reminder that bridges remain crypto’s favorite punching bag for exploiters.
The incident was detected at approximately 5:30 AM UTC, and the team moved quickly to disable Solana deposits as a precautionary measure. All transactions completed before the attack were secured, and the protocol continues to function normally on other supported chains like Ethereum and Base.
What happened and who’s exposed
Here’s the thing about this attack: the potential losses appear limited to a very specific bucket. Only funds associated with the relayer operated by Risk Labs, the foundation that supports Across Protocol, are considered at risk. That’s an important distinction. In the world of bridge exploits, where users often wake up to find their deposits evaporated, this outcome is about as contained as it gets.
Across uses what’s called an intent-based architecture. Think of it like placing an order at a restaurant: you state what you want (move tokens from Chain A to Chain B), and a relayer fills that order using their own capital, getting reimbursed later. The relayer takes on the risk, not the user. In this case, Risk Labs was operating that relayer on the Solana side, which is why their funds, not users’ funds, are the ones in the crosshairs.
The protocol employs an optimistic verification model powered by the UMA oracle. Transactions are assumed valid unless someone challenges them within a dispute window.
Across has stated that a full post-mortem analysis will be published in the coming days. The team is also working with SEAL_911, a well-known crypto security response group, to monitor addresses linked to the attack.
A $35 billion track record, now with an asterisk
Before this incident, Across Protocol had processed over $35 billion in transaction volume without a single exploit. Its intent-based model was specifically designed to reduce the attack surface by keeping user funds out of vulnerable smart contract pools. That design philosophy appears to have held up here: users weren’t exposed.
What this means for investors
If you had funds moving through Across’s Solana bridge, they appear safe. If you’re planning to bridge assets to or from Solana via Across, you’ll need to wait. Deposits on that chain are disabled until further notice.
The bigger question is what the post-mortem reveals. Was this a smart contract vulnerability specific to the Solana deployment? A relayer configuration issue? Something in how the UMA oracle interacted with Solana’s architecture? The answer matters, because it determines whether this was a one-off implementation bug or something that could theoretically affect other chains in the Across ecosystem.
Traders and liquidity providers who interact with Across on other chains should monitor the post-mortem closely. If the vulnerability turns out to be Solana-specific, operations on Ethereum, Base, and other supported networks should remain unaffected. But if the root cause touches shared infrastructure, the calculus changes fast.