ChainSwap announces compensation and ‘deep audit’ plan after $8M exploit
Cross-chain asset bridge, ChainSwap, has announced a compensation plan for users after suffering an $8 million loss in its second exploit suffered this month.
ChainSwap supports the Ethereum, Polygon and Binance Smart Chain networks.
On July 10, the hacker exploited a vulnerability allowing them to steal more than 20 different assets from the liquidity pools of partner exchanges. The incident has impacted the markets for numerous assets, with the tokens of Nord, Razor, Antimatter, and Ora among those taken by the attacker.
ChainSwap’s native token ASAP briefly fell more than 99% amid the incident. A separate hack on July 2 saw an attacker make off with roughly $800,000.
On July 14, ChainSwap expanded upon its plan to compensate impacted users through an airdrop based on their ASAP holdings prior to the hack, noting tokens held on the BSC and Huobi Eco Chain networks will be airdropped to the Ethereum mainnet.
ChainSwap stated that 717,200 ASAP (worth roughly $150,000) were liquidated from its treasury and allocated to compensate affected partner projects, in addition to stablecoins from its “team fund.”
The project also noted it was able to withdraw liquidity providers’ funds from Uniswap and force a burning of all hacked ASAP from the hacker’s wallet after halting its bridge. ChainSwap is in talks with various auditing firms to get a “deep audit” completed.
Additional code testing, bug bounty programs and third party auditing processes will be implemented for future software releases from the team.
NFT project Wilder World was among those seriously affected by the incident, with the attacker gaining the ability to mint 20 million of its native WILD tokens to their address. The tokens were promptly dumped in a single transaction for $207,000 worth of Wrapped Binance Coin, with the transaction briefly wiping more than 99% of the token’s value.
6/ Following the minting process, the attacker proceeded to sell 20,000,000 $WILD in a single transaction on PCS in exchange for ~652.44 WBNB ($207,216.47 USD). This resulted in removing nearly all of the BNB liquidity from the $WILD/BNB PSC pool.
— n3o (@real_n3o) July 11, 2021
The attacker also stole roughly two million WILD from the ChainSwap bridge contract, which were sold for approximately $327,000 over nine transactions.
In April, ChainSwap closed a $3 million funding round that included participation from some of the sector’s top venture firms, including Alameda Research, NGC Ventures, and CMS Holdings.