Shitcoin mining hacks are back
Shibarium was attacked yesterday & the bridge drained for nearly $3m. Here's how it happened👇
1/ Ryoshi Labs' validator (and perhaps others) were compromised or malicious from the start. They proposed a fraudulent checkpoint on Heimdall (Shibarium's consensus engine).
2/ Before the attack, Shibarium consensus was secured by ~15m staked BONE ($7m).
3/ The Ryoshi Labs validator 0x0752 submitted a fraudulent checkpoint.
👉 10/12 validators signed it as valid.
👉 These validators controlled ~40% of the weighted stake with ~6.5m BONE.
👉 The remaining 2 validators with 60% stake didn't sign it.
4/ Normally this checkpoint would be rejected on the Ethereum side, as this requires a >2/3 consensus.
5/ The attacker flash-loaned 6.4m BONE, delegating it to the Ryoshi Labs validator.
👉 Total stake became ~19.7m BONE
👉 Now those 10 validators that signed had just over 66% stake.
6/ This allowed a 2/3 attack, giving those validators the power to finalize any state they wanted on Ethereum.
At this point Shibarium was completely compromised.
7/ With consensus hijacked, all that was left to do was to drain the bridge.
8/ Finally, a portion of the stolen funds was used to repay the flash loan.
10/12 validators signing the fraudulent checkpoint is very strange and raises A LOT of questions.
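The >2/3 stake-weighted check from steps 4 to 6, as an added example that is not part of the original thread and is not Shibarium or Heimdall code. It compares counting stake live with counting only delegations older than a warm-up period. The warm-up rule, all names, and the ledger values are assumptions constructed for illustration; they are not the incident's figures.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Delegation:
    validator: str
    amount: int   # whole BONE
    block: int    # block in which the delegation landed

def counted_stake(delegations, checkpoint_block, warmup_blocks):
    """Per-validator stake that is old enough to count toward this checkpoint."""
    cutoff = checkpoint_block - warmup_blocks
    weights = {}
    for d in delegations:
        weights.setdefault(d.validator, 0)   # validator stays in the set even at 0 weight
        if d.block <= cutoff:
            weights[d.validator] += d.amount
    return weights

def checkpoint_accepted(delegations, signers, checkpoint_block, warmup_blocks=0):
    """True when the signers hold strictly more than 2/3 of the counted stake."""
    weights = counted_stake(delegations, checkpoint_block, warmup_blocks)
    total = sum(weights.values())
    signed = sum(weights.get(v, 0) for v in set(signers))  # set(): one vote per validator
    return total > 0 and 3 * signed > 2 * total            # integer math, no float rounding

def margin_to_two_thirds(signed, total):
    """Smallest extra stake on the signing side that crosses 2/3 (0 if already over).
    A monitoring metric: a small margin means the signing set is close to full control."""
    return max(0, 2 * total - 3 * signed + 1)

# Constructed ledger: ten validators with 700,000 BONE each, two with 3,250,000 each.
LEDGER = [Delegation(f"v{i}", 700_000, 10) for i in range(10)]
LEDGER += [Delegation("v10", 3_250_000, 10), Delegation("v11", 3_250_000, 10)]
SIGNERS = [f"v{i}" for i in range(10)]
CHECKPOINT_BLOCK = 1000
# Constructed delegation that lands in the same block as the checkpoint.
FLASH = Delegation("v0", 6_400_000, CHECKPOINT_BLOCK)

if __name__ == "__main__":
    print("no new delegation:", checkpoint_accepted(LEDGER, SIGNERS, CHECKPOINT_BLOCK))
    print("live stake:", checkpoint_accepted(LEDGER + [FLASH], SIGNERS, CHECKPOINT_BLOCK))
    print("1-block warm-up:",
          checkpoint_accepted(LEDGER + [FLASH], SIGNERS, CHECKPOINT_BLOCK, warmup_blocks=1))
    print("margin before:", margin_to_two_thirds(7_000_000, 13_500_000))
```

Because a flash loan has to be repaid inside the transaction that borrowed it, stake that only counts after one or more blocks cannot be funded that way.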

