TechFlow reports that on May 1, Syndicate announced a security incident involving Syndicate Labs. Attackers exploited a compromised endpoint to maliciously upgrade cross-chain bridge contracts on two blockchains, resulting in the unauthorized transfer of approximately 18.5 million SYND tokens from the Commons cross-chain bridge—later sold for roughly $330,000—and the theft of approximately $50,000 worth of customer tokens from another application chain.
Syndicate stated that the root cause was a private key leak and confirmed that all affected parties have received full compensation. The team will add an additional encryption layer to developer keys and plans to introduce hardware-backed or multi-signature signing, alerting, and circuit-breaker mechanisms into the upgrade process.
