Key takeaways:
- In the latest attack, token holders using ChainSwap cross-chain solution were affected to the tune of $8 million.
- The hacker has used a loophole to gain access to different project’s BCS contracts and sent stolen funds to his address, then promptly selling in PancakeSwap.
- The latest attack happened only a week after the previous hack when ChainSwapp accrued $800k in damages
News of hacking attacks and scams are unfortunately nothing new when it comes to the crypto industry. Hiding in anonymity, malicious actors have been able to use various loopholes to exploit traders and protocols in the sector since the beginning. The latest victim of a hacking attack was ChainSwap, a platform that acts as a bridge for multiple chains, most prominently connecting Ethereum to Binance Smart Chain. The cross-chain hub allows token trading without using an exchange.
$8 million worth of tokens were stolen
While established crypto platforms and crypto networks have seen a low amount of scams and attacks in the last few months, the decentralized finance (DeFi) sector has been suffering heavily. The latest in the line was ChainSwap, which was targeted supposedly by a lone hacker.
After gaining entrance into the ChainSwap through a loophole, the attacker was able to exploit several projects that use ChainSwap’s cross-chain solution. First to spot unusual activity was “n30”, a developer at Wilder World, who shared his findings in a series of Twitter posts.
The list of exploited tokens includes Wilder World’s WILD, Chainswap’s own ASAP token, as well as Antimatter, Optionroom, Umbrellabank, Nord, Razor, Peri, Unido, Oro, Vortex, Blank, and Unifarm tokens. The stolen tokens were transferred into the hacker’s wallet and promptly sold on decentralized exchange PancakeSwap. Antimatter and Option have already committed to a 100% compensation plan for affected users, others are still deciding what is the best course of action.
To make things worse, this was ChainSwap’s second hack this month
At the moment, Chainswap has temporarily suspended its connection between Ethereum and Binance Smart Chain and promised full compensation to its token holders. In the aftermath of the attacks, ASAP price has fallen by more than 50%, while several other tokens suffered big losses as well.
This is the second time that ChainSwap has fallen prey to a similar attack as in a previous hacking attack, a loophole in the developer’s code was exploited funds worth approximately $800,000 were stolen from the platform. Perhaps a bit jokingly, the attackers at the time wrote: “Sorry for the trouble, you sound genuinely like great people but money is money.”