Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
The cross-chain bridge ChainSwap published details of the theft on its official blog. A total of 20 project assets were stolen, with a total value of approximately US$4 million. The ChainSwap team has reached a consensus with the affected projects and has initially formulated and implemented a compensation plan. According to the project's investigation, the cause was an error in the token cross-chain quota code: the on-chain swap bridge quota is automatically increased by the signature node, with the aim of being more decentralized and requiring no manual control. However, a logical flaw in the code led to a vulnerability that automatically increases the number of invalid addresses that are not whitelisted. Attack method (per SlowMist): Contract Vulnerability. Reported loss: $4,000,000.
- chain: —
- protocol: Chainswap
- bug_class: logic
- date_occurred: 2021-07-11
- loss_usd: $4,000,000
- source_id: sm:chainswap::2021-07-11