ChainSwap News: Cross-chain asset broker ChainSwap was reportedly hacked, with hackers stealing a total of $8 million. Several projects that partnered with ChainSwap to bridge the tokens between Ethereum and the Binance Smart Chain were also affected by this attack.
Details of the attack
The attack took place at 4 PM EST on Saturday, July 10, where hackers attacked ChainSwap smart contracts and stole the tokens of more than 20 projects on ChainSwap. Some of the projects affected by the attack are Dafi, Option Room, Razor, Oro, Antimatter, Umbrella Room.
The hackers made over $2.3 million profit from this attack by draining the liquidity pools of various projects.
ChainSwap’s reaction to the hack
ChainSwap has released a series of statements on their Twitter accounts to relieve users and projects on their platform. The team at ChainSwap took action to limit losses due to hacking.
ChainSwap also reassured users that only smart contracts are affected and their wallet funds are safe. The team froze the BSC matching token addresses in order to filter out the hacker’s addresses. ChainSwap also temporarily withdrew liquidity as it investigated the hack and advised users not to purchase the $ASAP token until they complete their investigation.
This latest attack came just after another attack that ChainSwap faced on July 2, which caused ChainSwap to lose $800,000.
Chainflip is also working on a compensation plan for the tokens affected by the attack. The team also took a snapshot of the pre-hack levels of token holders and liquidity providers and will deploy new $ASAP tokens 1:1 and re-add liquidity. This will affect $ASAP token holders on exchanges.
Response of affected projects
That being the case, several projects affected by the hack on ChainSwap posted statements on Twitter. Some projects have also announced their plans to issue new tokens.
MyDeFiPet made a statement on Twitter, stating that DPET tokens were stolen from the team’s liquidity pool at Uniswap. He further stated that the attack did not affect BEP20 and KRC20 DPET token holders. The project assured users that their funds are safe and take a snapshot of all activity on Ethereum for a refund.
OptionRoom posted a tweet stating that they have decided to withdraw all liquidity for the time being. They also stated that the hacker stole 2,314,640 $ROOM tokens worth $550,000 from cross-chain contracts.
The project then posted a detailed post on Twitter, stating that the hacker stole 2.3 million $ROOM tokens on Ethereum and 10M $ROOM tokens on Binance Smart Chain. The post also stated that the OptionRoom team was able to remove liquidity from Uniswap and Pancakeswap and protect token holders and liquidity providers from hacking if sold to liquidity pools.
OptionRoom managed to recover $342,117 through the token sale to the Uniswap pool. The team plans to distribute the recovered amount among the liquidity providers after evaluating the share they hold. The team is also reviewing the Ethereum and BSC files to check what each token holder is holding when the hack occurs, so they can airdrop new tokens to $ROOM holders.
UniFarm made a statement on Twitter to discuss the developments and stated that they are in constant contact with the ChainSwap team. UniFarm removed all Uniswap and PancakeSwap liquidity and asked their communities to follow suit until the issue is resolved.
KwikSwap stated that since the attack affected BEP-20 tokens, they removed their market and are working with ChainSwap to investigate the issue. KwikSwap planned to reinstate the token market and concluded that all hacked KWIK tokens were sold on Uniswap.
Nord Finance stated that the project was negatively impacted by the ChainSwap attack and they are working closely with the ChainSwap team to investigate the issue and determine the next course of action that they will share with the community when the time comes.
Wilder World urged users to continue trading between exchanges until further notice after learning that $WILD tokens were also compromised.
Some information about the hacker
Several Twitter posts shed light on the hacker’s details. The posts indicate that the hacker’s address is 0xEda5066780dE29D00dfb54581A707ef6F52D8113.
Etherscan and BSCscan data show that there are still thousands of dollars worth of tokens unsold. This was because the project developers did not take timely action, which locked the assets and made it almost impossible for the hacker to sell them.r. For now, the ChainSwap bridge is temporarily closed.