T3rn-swap is an open-source script associated with the T3rn project, a modular interoperability layer designed to facilitate cross-chain swapping. Unfortunately, a serious security breach was uncovered in May 2025. when a backdoor was discovered in the t3rn-swap script, potentially compromising user security. This article explores what t3rn-swap is, the nature of the hack, and the steps users should take to protect their assets.
What is T3rn-Swap?
T3rn-swap was designed to allow users to perform cross-chain transactions within the T3rn ecosystem. The script was open-source and aimed to make asset bridging across multiple blockchains easier and more accessible. However, this simple and useful tool was recently exposed as a potential security risk.
What Happened with T3rn-Swap?
On May 8. 2025. a significant security vulnerability was discovered in the t3rn-swap GitHub repository. The malicious code, hidden in the record_config function, would transmit users' private keys to a Telegram ID without their knowledge. This backdoor posed a grave risk, allowing attackers to steal users' assets if they interacted with the compromised script.
In response, the T3rn project's author acknowledged the issue, admitting to being a victim of theft as well. Despite this, the community has criticized the transparency of the response, urging users to replace any exposed private keys immediately and cease using the affected script.
What Should Users Do to Protect Themselves?
Users who have interacted with the t3rn-swap script should:
Cease using the script immediately.
Replace any compromised private keys.
Monitor accounts for suspicious activity and report unauthorized transactions.
Use the official t3rn Bridge UI for cross-chain swaps and ensure they are engaging with verified tools within the ecosystem.
Conclusion
The discovery of a backdoor in the t3rn-swap script highlights the importance of security in the crypto space. Users must be vigilant and take immediate steps to safeguard their assets. While T3rn's cross-chain features remain valuable, users should exercise caution and only use trusted platforms moving forward.
