On Saturday, a hacker attacked the cross-chain decentralized finance (DeFi) platform ChainSwap (ASAP), exploiting a critical vulnerability in its smart contract.
Roughly nine days after its latest exploit, which resulted in losses of around $800,000, the project got drained for a significantly larger sum as more than 10 tokens have been impacted.
Many projects partnered with the cross-chain platform to bridge tokens between Ethereum (ETH)) and Binance Smart Chain (BSC) were affected, including Umbrella Network (UMB), Antimatter (MATTER), Dafi (DAFI) and Option Room (ROOM), to name a few.
The team published a post-mortem and compensation plan following the prior incident, but it’s yet to disclose a full follow-up on this weekend’s attack.
While the team announced that the funds from individual wallets remain safe, send and withdrawal functions have not yet resumed.
“The Chainswap team has frozen the BSC mapping token address to filter out the hacker’s addresses,” announced the project in a tweet, adding that “balances might temporarily show 0 until the filtering is completed.”
According to the announcement, the smart contract got affected, not the wallets that interacted with ChainSwap.
While the project reassured users that the funds from individual wallets remain safe, it got drained of a yet-to-be-confirmed amount of millions.
The Chainswap team has frozen the BSC mapping token address to filter out the hackers addresses.
Balances might temporarily show 0 until we are done filtering.
Smart contract is affected, not the wallets that interacted with Chainswap. Funds from individual wallets are safe
— ChainSwap ($ASAP) (@chain_swap) July 11, 2021
A compensation plan
As the incident was being investigated, ChainSwap advised users not to buy its currently traded native token.
The team stated that all holders and liquidity providers (LPs) pre-hack were snapshotted and it will “airdrop 1:1 new $ASAP tokens pre-hack,” including holders on exchanges.
Please do not buy the currently traded $ASAP
A compensation plan will be put into action for affected tokens
— ChainSwap ($ASAP) (@chain_swap) July 10, 2021
The ChainSwap hacker stole tokens of more than 10 projects, which reacted with their own announcements and plans to compensate investors.
Please do not buy the currently traded $MATTER
— AntiMatter (@antimatterdefi) July 10, 2021
The hacker was rapidly selling several tokens available on the protocol through decentralized exchanges, tanking their values and yet to fully bounce back. Some of the multiple swaps executed during the attack can be tracked via Etherscan.
Get an edge on the cryptoasset market
Access more crypto insights and context in every article as a paid member of CryptoSlate Edge.