Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The cross-chain asset bridge Chainswap announced the details of the hacking incident today, saying that at 04:30 AM UTC on July 2nd, they noticed an abnormality on the cross-chain bridge. Some users reported that their tokens were actively removed from wallets interacting with ChainSwap. After it was taken out, the ChainSwap team immediately froze the cross-chain bridge, shut down all nodes, and deployed the fix within 30 minutes. The team of the affected project received an alert. According to the announcement, the stolen assets include 32237576.17 TSHP, 80052.82027 CORRA, 643405.7157 BLANK, 2922720 RAI, 19392.27712 ROOM, 4820309.98 DEXT, 210,108.22 UMB, 55476328.8 FAIR. Chainswap stated that after negotiating with hackers, it has recovered some of the CORRA and RAI tokens, and the total loss is estimated to be 800,000 US dollars. At present, a small amount of affected tokens have been repurchased from the market and returned to the contract wallet. The rest will be fully paid by Chainswap Vault Compensation. In addition, Chainswap will also issue compensation to affected users. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $ 800,000.
- chain
- —
- protocol
- Chainswap
- bug_class
- logic
- date_occurred
- 2021-07-02
- loss_usd
- $800,000
- source_id
- sm:chainswap::2021-07-02