
Namada MASP Drain: $600K Swept via IBC Transfer Logic Exploit

$600K was drained from Namada's MASP after an IBC transfer logic exploit swept ATOM, USDC, OSMO, TIA, and NYM while a stale indexer masked the loss.

  • Incident Date: June 19, 2026
  • Target: Namada Multi-Asset Shielded Pool (MASP)
  • Target Overview: Namada is a privacy-focused blockchain built around a unified shielded set. Its Multi-Asset Shielded Pool lets users hold and move different assets privately, including cross-chain assets brought in through IBC.
  • Total Loss: Approximately $600,000
  • Reported Affected Assets: ATOM, USDC, OSMO, TIA, and NYM
  • Reported Recipient Address: Cosmos Hub address cosmos1zw9weagzm2w4ud6w3ql7m7rvzpxhvkpt8kk4ff
  • Attack Vector: Protocol logic flaw / IBC transfer logic exploit / stale-indexer visibility failure

Incident Review & Technical Details

1. Attack Path

  1. Shielded IBC assets were swept from MASP: F12 reported that Namada's MASP had been drained for approximately $600,000, with ATOM, USDC, OSMO, TIA, and NYM removed from the shielded pool over IBC. The public reporting did not identify a private-key compromise, front-end compromise, or governance takeover.
  2. Indexer state masked the drain: The key visibility failure was a mismatch between stale indexed balances and live network state. F12 said the indexer continued to show funds in the MASP, while live RPC checks returned a zero balance.
  3. DefiLlama reflected the live-state collapse: F12 later pointed to DefiLlama as supporting evidence, saying its RPC-backed view showed TVL around $600,000 before dropping to nearly $600.
  4. ATOM proceeds landed on Cosmos Hub: In a follow-up alert, F12 identified a Cosmos Hub recipient address, cosmos1zw9weagzm2w4ud6w3ql7m7rvzpxhvkpt8kk4ff, that reportedly received approximately 228,517 ATOM from Namada on June 18, 2026.
  5. The recipient wallet emptied quickly: F12 said the fresh wallet emptied within hours through further IBC transfers and sends, leaving only dust. That movement suggests the liquid portion of the drain was rapidly dispersed after leaving Namada's shielded environment.

2. Impact Scope

  • Protocol-Level Loss: Public reporting converged on approximately $600,000 drained from Namada's MASP.
  • Affected Component: The affected component was Namada's Multi-Asset Shielded Pool and its cross-chain IBC asset path, not a reported validator, wallet, or front-end compromise.
  • Affected Assets: F12 listed ATOM, USDC, OSMO, TIA, and NYM as swept from the shielded pool.
  • Visibility Gap: The stale-indexer mismatch meant users relying on dashboards or explorers could still see apparent balances after live RPC data showed the pool had been drained.
  • Liquidity Profile: CryptoTimes reported that F12 believed the attacker targeted liquid assets movable across the Cosmos ecosystem, while leaving behind staked and less liquid holdings.
  • Disclosure Gap: No official Namada postmortem, final loss confirmation, exploit transaction list, patch note, or recovery plan was identified in the reviewed sources at the time of writing.

3. Official Statements

  • Namada: No official Namada postmortem, recovery plan, or final technical statement was identified in the reviewed sources at the time of writing.
  • F12: F12 reported the $600,000 MASP drain, the stale-indexer versus live-RPC mismatch, the affected assets, the DefiLlama TVL collapse, and the Cosmos Hub recipient address tied to approximately 228,517 ATOM.
  • CryptoTimes: CryptoTimes reported that DefiLlama listed the event as a $600,000 exploit on June 19, 2026, classified as a Protocol Logic incident via an IBC Transfer Logic Exploit.
  • Chain.Buzz: Chain.Buzz summarized the incident as a shielded IBC asset drain in which Namada's privacy design and stale indexing made normal dashboard-based detection harder.

4. Investigation Progress

The public trace currently supports the high-level flow: shielded IBC assets left Namada's MASP, stale indexer data delayed visibility, and at least a large ATOM portion reached a fresh Cosmos Hub wallet before being emptied. What remains unresolved is the exact vulnerable logic path: whether the issue was in Namada protocol code, IBC transfer handling, asset accounting, indexer assumptions, or a combination of those layers.

Recommended response steps for Namada-style shielded asset systems:

  • Publish the affected MASP asset set, loss accounting, recipient addresses, IBC channel path, transaction evidence, and final timeline.
  • Reconcile indexer state against live RPC and add public health indicators when indexed balances diverge from authoritative node responses.
  • Convert the reported IBC transfer path into regression tests covering shielded withdrawals, asset accounting, IBC export, and partial liquidity removal.
  • Add monitoring that compares shielded pool TVL, live RPC, IBC outflow events, recipient chain inflows, and DefiLlama-style external views.
  • Define incident-response playbooks for privacy pools where explorers cannot reveal the full asset path but bridge, IBC, and recipient-chain data can still expose exits.
  • Clarify whether affected users will receive reimbursement, claims support, or a migration path after the technical root cause is confirmed.
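
One way to implement the indexer-versus-live-RPC reconciliation and the pool-balance monitoring from the steps above (an added example, not code from Namada, F12 or AUTOSEC.DEV). The Snapshot type, function names, thresholds and sample balances are assumptions constructed for illustration, and the two views are passed in rather than fetched from a real indexer or node.

```python
from dataclasses import dataclass

SEVERITY = {"ok": 0, "degraded": 1, "critical": 2}

@dataclass(frozen=True)
class Snapshot:
    """Pool balances reported by one source at one block height (hypothetical type)."""
    source: str
    height: int
    balances: dict  # asset -> amount in base units (int)

def worst(findings):
    """Highest severity among findings, or 'ok' when there are none."""
    return max((sev for sev, _ in findings), key=SEVERITY.get, default="ok")

def reconcile(indexer, rpc, max_lag=50, max_rel_diff=0.01):
    """Check an indexer view against the authoritative live-RPC view."""
    findings = []
    lag = rpc.height - indexer.height
    if lag > max_lag:
        findings.append(("degraded", f"indexer is {lag} blocks behind live RPC"))
    for asset in sorted(set(indexer.balances) | set(rpc.balances)):
        idx, live = indexer.balances.get(asset, 0), rpc.balances.get(asset, 0)
        if idx == live:
            continue
        rel = abs(idx - live) / max(idx, live)
        if live == 0:
            # The reported failure mode: dashboard shows funds, node shows none.
            findings.append(("critical", f"{asset}: indexed {idx}, live RPC 0"))
        elif rel > max_rel_diff:
            findings.append(("degraded", f"{asset}: indexed {idx}, live {live}"))
    return worst(findings), findings

def pool_drop(prev_rpc, cur_rpc, max_drop=0.25):
    """Flag assets whose live balance fell by more than max_drop between polls."""
    findings = []
    for asset, before in sorted(prev_rpc.balances.items()):
        after = cur_rpc.balances.get(asset, 0)
        if before > 0 and (before - after) / before > max_drop:
            findings.append(("critical", f"{asset}: live balance {before} -> {after}"))
    return worst(findings), findings

# Constructed sample data (not real chain values): stale indexer, drained pool.
INDEXED = Snapshot("indexer", 1_000_000, {"uatom": 5_000_000, "uosmo": 900_000})
LIVE_BEFORE = Snapshot("rpc", 1_000_000, {"uatom": 5_000_000, "uosmo": 900_000})
LIVE_AFTER = Snapshot("rpc", 1_000_400, {"uatom": 0, "uosmo": 0})

if __name__ == "__main__":
    for check in (reconcile(INDEXED, LIVE_AFTER), pool_drop(LIVE_BEFORE, LIVE_AFTER)):
        print(check[0], *check[1], sep="\n  ")
```

A "critical" result from either check is the point at which a public health indicator should stop presenting indexed balances as current.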

AUTOSEC.DEV Solution

The Namada MASP incident shows that cross-chain privacy systems need security coverage across protocol logic, IBC transfer paths, and the monitoring layer that users rely on during incidents.

  1. Secure Code Review - The reported DefiLlama classification points to an IBC transfer logic exploit affecting Namada's MASP. AUTOSEC.DEV reviews cross-chain asset accounting, shielded-withdrawal boundaries, bridge or IBC transfer assumptions, and state-reconciliation logic so protocol teams can catch value-moving edge cases before deployment.
  2. Security Strategy & Planning - The stale-indexer mismatch turned a drain into an observability failure: dashboards still showed funds while live RPC returned zero. We help teams define monitoring architecture, authoritative data-source hierarchy, alert thresholds, and incident SOPs for privacy-preserving protocols where explorers cannot carry the full detection burden.
  3. Incident Response - Because F12 traced approximately 228,517 ATOM to a fresh Cosmos Hub address that emptied within hours, response needs fast multi-chain evidence handling. AUTOSEC.DEV supports exploit reconstruction, IBC fund-flow mapping, recipient-chain tracing, exchange or bridge coordination, public disclosure support, and remediation validation.
