- ChainSwap suffered an exploit last night, resulting in $8 million worth of losses.
- The attacker sold several tokens available on the protocol through decentralized exchanges, meaning they tanked in value.
- ChainSwap has paused its Ethereum to Binance Smart Chain bridge and pledged to airdrop new ASAP tokens to holders.
ChainSwap gets hit again.
Tokens Suffer in ChainSwap Attack
ChainSwap has suffered another exploit.
A hacker found a vulnerability in the decentralized exchange’s smart contract code last night. It gave them a way to access the protocol and sell tokens available on ChainSwap via other exchanges.
Wilder World’s n3o posted an analysis of the incident, explaining that the exploit allowed the attackers to mint 20 million WILD tokens to its address.
🚨ChainSwap Hack 🚨
— n3o (@real_n3o) July 11, 2021
Several tokens were affected and have plummeted in value as a result of the hacker selling them on the open market. Other than Wilder World, Antimatter, Optionroom, Umbrellabank, Nord, Razor, Peri, Unido, Oro, Vortex, Blank, Unifarm, and several other projects suffered in the incident.
The attack is estimated to be worth around $8 million. One of the hacker’s wallets, which shows them executing multiple swaps on the 1inch Exchange, can be viewed on Etherscan.
ChainSwap is a cross-chain bridge that acts as a hub for multiple chains. It supports Binance Smart Chain, Ethereum, Polygon, and Huobi Eco Chain. The project raised $3 million in a funding round featuring big industry players like Alameda Research, CMS Holdings, and Rarestone Capital in April.
The attack follows another ChainSwap exploit that occurred on Jul. 2, which resulted in losses of around $800,000. The team published a post-mortem and compensation plan following the incident, though it’s yet to post a full follow-up on last night’s attack.
Several projects announced that they had been affected by the attack on Twitter last night. Many have posted announcements urging token holders to avoid trading tokens as they plan to compensate investors by minting new tokens. ChainSwap also posted about the incident, confirming that it was “investigating the exploit” and had pulled liquidity for its ASAP token. It added that it would airdrop a new ASAP token to affected holders. ChainSwap then followed up with a post confirming that it had frozen its Ethereum to Binance Smart Chain bridge.
The Chainswap team has frozen the BSC mapping token address to filter out the hackers addresses.
Balances might temporarily show 0 until we are done filtering.
Smart contract is affected, not the wallets that interacted with Chainswap. Funds from individual wallets are safe
— ChainSwap ($ASAP) (@chain_swap) July 11, 2021
ASAP is currently down 13.3%, but many other tokens have been hit a lot harder. Antimatter’s MATTER, for instance, is down 68.8%. Many other tokens have tanked 30% or more.
Disclosure: At the time of writing, the author of this feature owned ETH, ETH2X-FLI, and several other cryptocurrencies.