In a huge blow to DeFi enthusiasts, cross-chain bridge ChainSwap was hit by a second exploit in eight days. The total losses from the exploit less than 12 hours ago reportedly amounted to almost $8 million, with several market tokens plummeting as a result soon after.
The incident was first announced by the platform on Twitter, with the project asking investors to hold tight and not invest in its native token $ASAP till the exploit was investigated. While liquidity was temporarily pulled from the protocol, the team promised to airdrop 1:1 new $ASAP tokens that were held pre-hack. It also confirmed that it had frozen its Ethereum to Binance Smart Chain bridge.
Several suffering tokens too pulled liquidity sensing the exploit. Oracle protocol OptionRoom was the first to do this as the perpetrators pulled millions of tokens worth $550,000 from the contract. Similarly, perpetual derivative protocol AntiMatter also followed in these footsteps.
Other projects have gone ahead and pulled liquidity from other chains as well, including Uniswap and PancakeSwap. BLANK, ORO, and UFARM are some of the projects that have taken these steps, as advised by ChainSwap. Some of these projects use interoperability between chains to deploy tokens on Binance Smart Chain to avoid Ethereum’s high gas fees.
Wilder World, Nord, Razor, Peri, Unido, Oro, Vortex, and Unifarm are some of the prominent projects that were affected by the exploit, among others.
🚨ChainSwap Hack 🚨
— n3o (@real_n3o) July 11, 2021
A vulnerability in the decentralized exchange’s smart contract code gave the hackers access to the protocol, allowing them to sell the tokens available on it through other exchanges. The hackers could be seen executing multiple swaps on the 1Inch exchange on Etherscan.
Another ChainSwap exploit had transpired on 2 July, one which had resulted in losses amounting to $800,000. While the exploit was fixed after temporarily freezing bridges, concurrent attacks have somewhat derailed user sentiment, with many calling it an exit scam on Twitter. In fact, the protocol temporarily disabled comments on its Twitter page while also disabling its Telegram group.
Such hacks prove that wariness about DeFi protocols is not unfounded, considering the potential risk of losing holdings and investments. A Messari report in February found that DeFi protocols had lost about $284.9 million to hacks and other exploit attacks since 2019. It is no wonder then that countries like Japan are looking to regulate DeFi, even as the SEC and other leading nations grapple with its possibilities.