Hackers drain more than $4m from DeFi projects due to ChainSwap vulnerability
Hackers exploited a critical vulnerability in the ChainSwap cross-chain bridge’s smart contract and drained more than $4m from DeFi-projects. To mitigate the fallout, developers will release a new version of their own token ASAP.
Liquidity pulled temporarily, please do not buy $ASAP we are investigating the exploit
— ChainSwap ($ASAP) (@chain_swap) July 10, 2021
The ChainSwap protocol serves as a bridge between various blockchains, including Binance Smart Chain (BSC), Ethereum, Polygon and Huobi Eco Chain.
On July 10, the Wilder World NFT marketplace team noticed a glitch on the PancakeSwap platform. The attacker withdrew from the Wilder Pancake Liquidity Pool on BSC and the ChainSwap bridge contract on the Ethereum blockchain more than $534 000.
🚨Important Update: ChainSwap Hack 🚨
🙏🏻 It’s our priority to keep our community updated in real time as we continue to investigation the ChainSwap Hack 🙏🏻
🛸 In the meantime you can join our ZERO network to keep up to date — https://t.co/NFjEuQLnlk 🛸https://t.co/f2XWGVKzw5
— Wilder World (@WilderWorld) July 11, 2021
Developers noted that they responded promptly to the issue and prevented further outflows. According to them, the attack exploited a critical vulnerability in the ChainSwap smart contract that allowed the attackers to mint about 20 million WILD tokens directly to their address on the BSC network, rather than into the main contract on the Ethereum blockchain.
Wilder World stressed that their project was “one of a dozen” affected. According to user Krisma, the attack affected Antimatter, Razor, Unifarm and others. Tokens worth more than $4.3m are held by the hackers at their addresses, according to Etherscan.
Chainswap got exploited
Projects which got harmed:
Wilder Worlds $WILD
Antimatter $MATTER
Optionroom $ROOM
Umbrella Blank $UMB
Nord $NORD
Razor $RAZOR
Peri $PERI
Unido $VTX
Oro $ORO
Vortex $VTX
Blank $BLANK
Unifarm $UFARM
and moreDO NOT BUY ANY TOKENS NOW
Hacker’s wallet: pic.twitter.com/sPNcuPI31H
— Krisma (@KRMA_0) July 10, 2021
The OptionRoom project also said it was affected by the hack. Unknown actors withdrew 2.3 million ROOM on the Ethereum blockchain and 10 million ROOM on the BSC network. As with Wilder World, the attackers swapped tokens through decentralised exchanges such as Uniswap. The developers withdrew liquidity from the respective pools to hinder this.
2) Multiple projects have been affected by this hack, including OptionRoom. The hacker was able to acquire 2.3M $ROOM tokens on the Ethereum chain, and 10M $ROOM tokens on the #BSC chain.
— OptionRoom (@option_room) July 10, 2021
According to CoinGecko, on July 10 the ROOM token price fell by more than 92%. The same drop was seen for WILD and ASAP, though they later recovered to near pre-crash levels.
OptionRoom, like several other projects affected by the attack, will compensate affected users at a 1:1 ratio. The ChainSwap team has taken a similar stance. Network participants were asked not to trade ASAP — developers recorded balances as of the pre-hack state and announced an airdrop of a new token version.
All holders and LPs pre-hack have been snapshotted. We will airdrop 1:1 new $ASAP tokens pre-hack, this includes $ASAP holders on exchanges. Liquidity will be re-added.
Please do not buy the currently traded $ASAP
A compensation plan will be put into action for affected tokens
— ChainSwap ($ASAP) (@chain_swap) July 10, 2021
For July 2021 this marks the second attack on the protocol. Earlier in the month, unknown actors exploited a vulnerability in ChainSwap’s code and withdrew $800,000 in various DeFi tokens from the platform.
The project team contacted law enforcement and cooperated with the Bitcoin exchange OKEx to mitigate at least some of the losses. The developers agreed to return Corra and Rai tokens.
Previously ChainSwap raised $3m from Alameda Research, the OKEx-backed venture fund OK Block Dream Fund and other investors.
In June the DeFi protocol SafeDollar on the Polygon blockchain was hacked, and its stablecoin devalued. Hackers exploited a vulnerability that allowed unlimited token issuance.
Subscribe to ForkLog News on VK.
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!