Decentralized cross-chain platform ChainSwap has suffered another exploit; its second in the space of eight days.
The most recent attack, which occurred on July 10, resulted in approximately $8 million worth of losses, according to reports.
ChainSwap representatives advised their users from their official Twitter account not to purchase any of the platform’s native token, ASAP while they investigated the attack. Less than an hour later, they issued another tweet, advising users that they had snapshotted all holders and LPs before the hack.
They also stated that they would put a compensation plan in place for the impacted tokens. Reports indicate that the attack affected more than 10 projects. Decentralized oracle Umbrella Network had more than 3 million of its UMB tokens stolen. Meanwhile, the hackers also targeted projects such as Antimatter, Dafi, Blank, Razor, and Oro.
The hack also impacted the user-governed forecast protocol Option Room. According to a tweet they issued on July 10, the attackers stole $550,000 worth of their native token ROOM.
More recent updates from ChainSwap revealed that the team had frozen the Binance Smart Chain (BSC) mapping token address, in an attempt to filter out the hackers’ addresses. The platform also advised:
“Smart contract is affected, not the wallets that interacted with Chainswap. Funds from individual wallets are safe.”
Since the hack, ASAP’s price has fallen considerably, according to data. Late on July 10, the token suffered a sharp downward turn from an otherwise consistent position around the $0.28 mark to $0.22 in the space of five minutes. Ever since, it has failed to regain that position, falling further at points to lows of $0.18. At time of press, ASAP was worth $0.20.
The first attack
The exploit of July 10 is the second such attack on ChainSwap this month. In the small hours of July 2, the platform reported an exploit that cost them $800,000 in damage.
According to their post-mortem and compensation plan, the ChainSwap team, with assistance from police and OKEx, managed to find the attacker’s email address and entered negotiations with them. These negotiations resulted in the return of Corra and RAI tokens.
The ChainSwap team bought back affected tokens from the market and issued refunds.