Cross-chain asset bridge ChainSwap has reportedly been hacked, with the hackers making off with a total of around $8 million. Several projects that had partnered with ChainSwap to bridge tokens between Ethereum and the Binance Smart Chain have also been impacted.
Details Of The Hack
The hack occurred on Saturday, 10th July, at 4 pm EST, when hackers attacked and exploited the ChainSwap smart contracts and stole tokens of more than 20 projects on ChainSwap. Some of the projects impacted by the hack are Dafi, Option Room, Razor, Oro, Antimatter, Umbrella Room, and several others.
The hackers managed to make a profit of over $2.3 million from the exploit by draining the liquidity pools of several projects.
ChainSwap’s Response To The Hacking
ChainSwap, for its part, has put out a string of statements on its Twitter handle to assuage users and projects on its platform. The team at ChainSwap has swung into action to limit the losses due to the hacking.
ChainSwap has also assured users that only the smart contracts have been affected and that wallet funds are safe. The team has frozen the BSC mapping token addresses in an attempt to filter out the hacker’s addresses. ChainSwap has also temporarily pulled liquidity as it investigates the hack and advised users not to buy $ASAP token until they conclude their investigation.
This latest hack comes close on the heels of another hack that ChainSwap faced on 2nd July, which resulted in ChainSwap losing $800,000.
Chainflip is also working on a compensation plan for the affected tokens. The team has also snapshotted token holders' and liquidity providers' pre-hack levels and will airdrop 1:1 new $ASAP tokens and re-add liquidity. This will include $ASAP token holders on exchanges.
Affected Projects React
As things stand, several projects on the ChainSwap bridge that have been affected by the hack have released statements on Twitter. Several of the projects have also announced plans to issue new tokens.
MyDeFiPet took to Twitter, stating that DPET tokens were stolen from the team’s liquidity pool on Uniswap. It also stated that the hack does not impact BEP20 and KRC20 DPET token holders. The project assured users that their funds were safe and that it had snapshotted all activities on Ethereum for reimbursement.
OptionRoom put out a tweet stating that they have decided to pull all liquidity for the time being. They added that the hacker had stolen 2,314,640 $ROOM tokens worth $550,000 from cross-chain contracts.
The project later put out a detailed post on Twitter, stating that the hacker was able to steal 2.3M $ROOM tokens on Ethereum and 10M $ROOM tokens on the Binance Smart Chain. The post further stated that the OptionRoom team was able to remove liquidity from Uniswap and Pancakeswap, protecting token holders and liquidity providers from the hacker if he sold into liquidity pools.
OptionRoom was able to recover $342,117 through the sale of tokens from the deployer to the Uniswap pool. The team plans to distribute the recovered amount amongst the liquidity providers after assessing the share they held. The team is also studying the Ethereum and BSC logs to check what each holder held when the hack occurred so that they could airdrop the new tokens to $ROOM holders.
UniFarm took to Twitter to address the developments, stating that they were in constant touch with the team at ChainSwap. UniFarm has removed all Uniswap and PancakeSwap liquidity and has requested their community to follow suit until the issue is resolved.
KwikSwap stated that they had removed their markets as the hack had impacted their BEP-20 tokens and that they were working with ChainSwap on investigating the issue. KwikSwap planned to reinstate their token market and concluded that all the hacked KWIK tokens were sold off on Uniswap.
Nord Finance stated that the project was adversely affected by the ChainSwap hack and that they were working closely with the ChainSwap team to investigate the issue and chart out the next course of action, which they will share with the community in due time.
Wilder World urged users to hold off on buying and selling across exchanges until further notice after it was discovered that $WILD tokens had also been compromised.
Some Information About The Hacker
Several Twitter posts have been shedding light on the details of the hacker. The posts show the hacker’s address to be 0xEda5066780dE29D00dfb54581A707ef6F52D8113.
Etherscan and BSCscan data show that tokens worth thousands of dollars have still not been sold. This is due to timely action by project developers who have locked the assets, making it near impossible for the hacker to sell them. For the moment, the ChainSwap bridge has been temporarily closed.