Second Chainswap smart code exploit in July results in losses in millions

For the second time within the same month, Alameda-backed Chainswap which allows DeFi projects to launch Ethereum tokens on Binance Smart Chain has been attacked by hackers resulting in losses amounting to over $4 million.

On the eve of July 11, the attacker took control of some of the projects which had earlier launched Ethereum tokens on BSC by taking control by exploiting ChainSwap. The attacker minted tokens directly to their address, then sold them on PancakeSwap, BSC’s most popular decentralized exchange.

Wilder World, an Ethereum-based NFT startup backed by popular YouTuber Jake Paul was the first to notice the attack and tweeted saying

“In a series of nine transactions starting at block 12701866 on Ethereum, the attacker sold a total of 1,978,844.84 $WILD for a total of $327,331.98 DAI.”

The Chainswap team quickly swung into action by pulling away liquidity for ASAP, Chainswap’s native token advising the public not to buy the token as they continue to investigate the exploit. A tweet put out by the team said:

“The Chainswap team has frozen the BSC mapping token address to filter out the hackers addresses. Balances might temporarily show zero until we are done filtering. Smart contract is affected, not the wallets that interacted with Chainswap. Funds from individual wallets are safe”

The latest exploit is the second attack Chainswap will experience this month. On July 2, the platform incurred $800,000 in damages after an attacker exploited another vulnerability in its code. The hacker taunting the team said:

“Sorry for the trouble, you sound genuinely like great people but money is money.”

However, Chainswap had worked with the enforcement authorities to track down and arrest the hacker, managing to negotiate the recovery of Corra and Rai tokens. An initial email with the attackers suggested the attackers returned $1 million.

Per the latest attack, other exploited project tokens aside ASAP include Antimatter, Optionroom, Umbrellabank, Nord, Razor, Peri, Unido, Oro, Vortex, Blank, and Unifarm. A few of the projects like Antimatter and Optionroom, have stated that they will compensate token holders on a 1:1 basis. Nord on the other hand is still working out a “path forward,” according to a statement put out by the team.

Chainswap is one of the fastest-growing projects in the space, filling the gap for projects to easily launch Ethereum tokens on Binance Smart Chain. In April, Chainswap raised $3 million in a funding round led by Alameda Research and the OKEx OK Block Dream Fund.

BSC projects amid the DeFi boom have seen rising attacks with millions siphoned by hackers some of which could be due to smart contract failure or brute force attacks from hackers. Just a few days back, BSC unveiled a partnership with Immunefi to reward white hat hackers who discover vulnerabilities in BSC projects. Per the report, Immunefi will work in collaboration with BSC to improve the security of projects on the Binance chain. As part of the partnership, ethical hackers who take part in a campaign to discover vulnerabilities in BSC-based projects will earn rewards.

Our publications do not offer investment advice and nothing in them should be construed as investment advice.  Our publications provide information and education for investors who can make their investment decisions without advice.

The information contained in our publications is not, and should not be read as, an offer or recommendation to buy or sell or a solicitation of an offer or recommendation to buy or sell any positions.  Our publications are not, and should not be seen as, a recommendation to use any particular investment strategy.

Risk Warning: Margin Trading carries a high level of risk to your capital and you should only trade with money you can afford to lose. Margin Trading may not be suitable for all investors, so please ensure that you fully understand the risks involved, and seek independent advice if necessary.

Share the Post:

Related Posts