The decentralized cross-chain exchange ChainSwap has been hacked a second time, after an earlier attack on July 2.
The Chainswap team has frozen the BSC mapping token address to filter out the hackers addresses.
Balances might temporarily show 0 until we are done filtering.
Smart contract is affected, not the wallets that interacted with Chainswap. Funds from individual wallets are safe
— ChainSwap (@chain_swap) July 11, 2021
More than 10 Projects affected
According to first reports, at least 10 projects that use their cross-chain bridge have suffered damages resulting from the exploit. These projects include Antimatter, Dafi, Option Room, Blank, Razor, and Oro.
The project most affected was Umbrella Network, whose entire supply inside the ChainSwap vault, worth over 3 million USD, was stolen. The total damage is estimated to be 8 million USD. In a report Umbrella has posted on their Medium blog, Umbrella noted that the attacker immediately sold his UMB tokens. Earlier this month on July 2, the attacker managed to extract 800,000 out of the cross-chain protocol.
Aftermath of the ChainSwap Hack
As a result of the hacker selling his stolen UMB tokens, the price of Umbrella Network crashed by nearly half. In their post-mortem report, Umbrella has announced to be working on a compensation plan. As part of this plan, they will buy back 110 ETH worth of UMB tokens to counteract the tokens that were released into the market by the hacker. Since then, the price of UMB has stabilized near pre-hack levels.
ChainSwap has also responded to the attack on Twitter, stating that all operations on the cross-chain transfer protocol were halted and have not yet resumed at the time of writing. ChainSwap has also noted that they have snapshotted all token balances before the hack and will reimburse all users through an airdrop.