Solana Asset Manager Exploit: ICON Network Responds to Security Breach

On August 5, 2025, a security breach was reported in the legacy Solana deployment of the ICON Network, affecting the Balanced platform and Network-Owned Liquidity (NOL). The attacker exploited the Solana asset manager contract, resulting in the loss of approximately 1,450 SOL and 78 JitoSOL. Importantly, no other spoke-chains or assets, such as bnUSD, sICX, or BALN, were impacted.

Despite comprehensive audits across the codebase, blockchain exploits remain a persistent risk. The ICON Network emphasized the importance of building resilience into protocols to mitigate such risks. Thanks to limited reliance on mercenary liquidity and the protection of the ICON Insurance Fund, the network assured that all affected user funds would be restored promptly and in full.

Response and Recovery Measures

The ICON Network’s immediate priority was to secure the network and prevent further risks to funds or infrastructure. The team worked closely with auditors to address the identified contract issue. An update has been developed, reviewed, and deployed with the necessary fixes. It was confirmed that no other spoke-chain contracts or SODAX implementations were affected, as the vulnerability was isolated to the legacy Solana deployment.

The network identified the hacker’s wallet and contacted exchanges, including Binance, Upbit, and Kraken, to blacklist the address. An on-chain message was also sent to the attacker, offering a bounty for the partial return of the assets. With fixes now deployed, steps are being taken to return user balances, with no action required from users.

Ensuring User Fund Safety

The ICON Network determined that 37 SOL and 76 JitoSOL were needed to make impacted users whole. Most of the stolen assets were owned by the network as NOL, not individual users. The ICON Insurance Fund will be deployed to ensure all user funds remain safe and fully backed.

To restore full backing and resume normal operations, the network plans to conduct a vote to remove the bnUSD portion of NOL held in the Solana asset manager, withdraw the remaining 27 SOL, and utilize the ICON Insurance Fund to cover affected user positions. Normal service will resume by deploying ICON Insurance Funds to purchase the required SOL and JitoSOL, replenishing the asset manager, and securing remaining funds by moving Solana liquidity to the new SODAX infrastructure.

Swaps and loans on Solana are currently offline and will be re-enabled following the completion of these recovery steps, ensuring the safety and stability of the updated contracts. More details on the incident and recovery efforts can be found here.

Why This Matters: Impact, Industry Trends & Expert Insights

On August 5, 2025, the ICON Network reported a security breach in its Solana deployment, affecting the Balanced platform and Network-Owned Liquidity (NOL), with an attacker exploiting the asset manager contract and causing financial losses.

Recent industry reports indicate a growing trend of security breaches in the Solana ecosystem, often involving sophisticated AI-generated malware. This highlights the persistent vulnerabilities within blockchain systems, as evidenced by the recent ICON Network exploit.

As per insights from Fortune Business Insights, blockchain insurance funds are increasingly seen as a promising solution for enhancing transparency and automating claims management. This reinforces the ICON Network’s strategy of leveraging its Insurance Fund to restore affected user funds and ensure financial stability post-exploit.

Disclaimer: The views expressed in this article are those of the authors and do not necessarily reflect the official policy of CoinsHolder. Content, including that generated with the help of AI, is for informational purposes only and is not intended as legal, financial, or professional advice. Readers should do their research before taking any actions related to the company and carry full responsibility for their decisions.