ChainSwap announces compensation and ‘deep audit’ plan after $8M exploit

Published at: July 14, 2021

Cross-chain asset bridge, ChainSwap, has announced a compensation plan for users after suffering an $8 million loss in its second exploit suffered this month. 

ChainSwap supports the Ethereum, Polygon and Binance Smart Chain networks.

On July 10, the hacker exploited a vulnerability allowing them to steal more than 20 different assets from the liquidity pools of partner exchanges. The incident has impacted the markets for numerous assets, with the tokens of Nord, Razor, Antimatter, and Ora among those taken by the attacker.

ChainSwap’s native token ASAP briefly fell more than 99% amid the incident. A separate hack on July 2 saw an attacker make off with roughly $800,000.

On July 14, ChainSwap expanded upon its plan to compensate impacted users through an airdrop based on their ASAP holdings prior to the hack, noting tokens held on the BSC and Huobi Eco Chain networks will be airdropped to the Ethereum mainnet.

ChainSwap stated that 717,200 ASAP (worth roughly $150,000) were liquidated from its treasury and allocated to compensate affected partner projects, in addition to stablecoins from its “team fund.”

The project also noted it was able to withdraw liquidity providers’ funds from Uniswap and force a burning of all hacked ASAP from the hacker’s wallet after halting its bridge. ChainSwap is in talks with various auditing firms to get a “deep audit” completed.

Additional code testing, bug bounty programs and third party auditing processes will be implemented for future software releases from the team.

Related: Your keys, his coins — Cryptopia employee admits to stealing $172K in crypto

NFT project Wilder World was among those seriously affected by the incident, with the attacker gaining the ability to mint 20 million of its native WILD tokens to their address. The tokens were promptly dumped in a single transaction for $207,000 worth of Wrapped Binance Coin, with the transaction briefly wiping more than 99% of the token’s value.

6/ Following the minting process, the attacker proceeded to sell 20,000,000 $WILD in a single transaction on PCS in exchange for ~652.44 WBNB ($207,216.47 USD). This resulted in removing nearly all of the BNB liquidity from the $WILD/BNB PSC pool.

— n3o (@real_n3o) July 11, 2021

The attacker also stole roughly two million WILD from the ChainSwap bridge contract, which were sold for approximately $327,000 over nine transactions.

In April, ChainSwap closed a $3 million funding round that included participation from some of the sector’s top venture firms, including Alameda Research, NGC Ventures, and CMS Holdings.

Tags
Related Posts
Solana and Arbitrum knocked offline, while Ethereum evades attack
Surging Ethereum rival, Solana (SOL), has shed 15% of its value over the past 24 hours after suffering a denial-of-service disruption. On Tuesday at 12:38 pm UTC, Twitter account Solana Status announced that Solana’s mainnet beta had been suffering intermittent instability over a 45-minute period. Six hours after announcing the incident, Solana Status explained that a large increase in transaction load to 400,000 per second had overwhelmed the network, created a denial-of-service, and caused the network to start forking. 1/ Solana Mainnet Beta encountered a large increase in transaction load which peaked at 400,000 TPS. These transactions flooded the transaction …
Technology / Sept. 15, 2021
Yearn.Finance puts expanded treasury to use by repaying victims of $11M hack
Major decentralized finance protocol Yearn.Finance (YFI) has restored its yDAI vault in the aftermath of a $11 million exploit by hackers. Yearn announced Tuesday that they opened a Maker vault with YFI tokens from the treasury and minted 9.7 million DAI tokens from the vault to keep the yDAI vault intact. Using borrowed money allows the project to reimburse users without taking a hit to the treasury, either due to possible YFI appreciation or by gradually repaying the debt with protocol revenue. The team said that this is a one-off occurrence, as they expect users to hedge their own risks …
Technology / Feb. 9, 2021
$6.4M Worth of FSN Tokens Stolen From Fusion Network’s Swap Wallet
Fusion Network’s token swap wallet was compromised. Roughly a third of FSN tokens was stolen as a result. Fusion Foundation announced in a Medium post published on Sept. 29 that its swap wallet was compromised, which resulted in the theft of 10 million native FSN and 3.5 million Ethereum (ETH)-based ERC-20 FSN tokens. The total worth of stolen FSN tokens was estimated at around $6.4 million at that time. The Foundation’s investigation has not revealed any other affected wallets so far. The alleged cybercriminal reportedly started to launder the coins already: “After the currency was stolen, abnormal wash-trading behaviour occurred, …
Altcoin / Sept. 29, 2019
Axie Infinity sees 'no signs of buyers' as AXS price tumbles 30% in two weeks
Axie Infinity (AXS) price has fallen by nearly 30% two weeks after losing $625 million to a hacking incident involving its play-to-earn gaming platform's underlying blockchain, the Ronin Network. AXS/USD dropped to $46.69 on Monday, its lowest level since March 16, signaling a dampening buying sentiment among traders and investors following the hacking incident. Independent market analyst TJ asserted that there is "no sign of buyers" even with the price entering areas with a history of attracting accumulators. For instance, AXS broke below the demand zone that TJ highlighted as a potential inflection point during the weekend, a move that …
Markets / April 11, 2022
Lodestar Finance exploited in flash loan attack
Arbitrum-based lending protocol Lodestar Finance was exploited in a flash loan attack on Dec. 10. According to Lodestar, the attacker manipulated the price of the plvGLP token before borrowing all platform liquidity using the inflated token. In a Twitter thread, Lodestar explained the attack flow. The attacker first manipulated the exchange rate of the plvGLP contract to 1.83 GLP per plvGLP, "an exploit that by itself would be unprofitable", said the company. Then, the attacker supplied plvGLP collateral to Lodestar and borrowed all available liquidity, cashing out part of the funds "until the collateralization ratio mechanism prevented a full liquidation …
Altcoin / Dec. 11, 2022