ChainSwap Exploited: Projects Using The Bridge Protocol Crashed 99%

Forum 2 years ago

ChainSwap Exploited: Projects Using The Bridge Protocol Crashed 99%

Following a second exploit in 9 days, over 14 tokens listed on the ChainSwap bridge have plunged 99%. The company insists: funds from individual wallets are safe.

ChainSwap, a cross-chain asset bridge and application smart chain, has become the latest victim of the increasingly worrying exploits happening in the DeFi ecosystem that has caused the sector to lose hundreds of millions of dollars since the start of the year.

What is ChainSwap?

As a hub for smart chains, the ChainSwap protocol acts as a defi bridge for projects and users to seamlessly move assets between different blockchains like Ethereum (ERC20), Binance Smart Chain (BSC), and Huobi’s ECO Chain.

It also plans to build cross-chain solutions for Bitcoin, Polkadot, and Solana – the same as ChainSwap did with Polkastarter in March.

In May, the project received an investment worth $3 million from leading industry investors including Alameda Research, NGC Ventures, and OK Block Dream Fund (OKEx). ChainSwap said at the time that it intended to use the raised funds to accelerate its vision of becoming a multi-chain and multi-asset bridge.

ChainSwap Exploit: Projects Crashed 99%

ChainSwap suffered its second exploit this month, which affected projects using the protocol. The latest hack caused most of these tokens, including ChainSwap’s native tokens ASAP, to lose at least 95% of their value immediately following the incident as can be seen below.

The projects that were involved in the exploit include Wilder Worlds (token symbol: WILD), Antimatter (MATTER), Option Room (ROOM), Umbrella Network (UMB), Blank, Nord Finance (NORD), Razor Network (RAZOR), Peri, Unido (UDO), Oro, Vortex (VTX), Corra (CORA), ROCKS, Dafi, and Unifarm (UFARM).

Following the exploit, the ChainSwap team reached out to its users on Twitter, noting that they are currently investigating the attack and will provide a compensation plan for all affected tokens:

“The Chainswap team has frozen the BSC mapping token address to filter out the hackers addresses. Balances might temporarily show 0 until we are done filtering. Smart contract is affected, not the wallets that interacted with Chainswap. Funds from individual wallets are safe,” the project tweeted.

As of writing these lines and following the company’s official response, most tokens moderated their declines.

Not The First Time

ChainSwap was still trying to compensate users for an earlier exploit on July 2, 2021, before it was hit a second time. On July 2nd, the project announced that its smart contract was compromised and the hackers drained around $800,000 worth of assets from users’ wallets.

In its post-mortem and compensation plan report, ChainSwap said it noticed the anomaly on its bridge and some users complained that “their coins were actively withdrawn from wallets that interacted” with the protocol.

Increasing DeFi Exploits

The DeFi sector has become a playground for hackers ever since the sector started booming. Almost every month, there is at least one report about a DeFi platform, losing several millions of dollars in smart contract exploits.

In May alone, a combined $83 million was drained from BSC projects BurgerSwap, Spartan Protocol, PancakeSwap, and Pancake Bunny with each losing $7.2M, $30M, $1.8M, and $44M respectively.