Though Chainswap expressed it would take remedies to affected tokens and DeFi projects, and AnySwap also announced that it had fixed vulnerabilities and would make up for all losses, it is urgent to focus on cross-chain security risks.
The cross-chain bridge project Chainswap tweeted that it was hacked again on July 11, 2021. As a result, over 20 project tokens deployed on the smart contract of the cross-chain bridge were stolen and the loss was around 8 million USD.
Anyswap, another cross-chain bridge project, announced that its new V3 cross-chain liquidity pool was exploited at midnight, July 12, 2021, resulting in a loss of 239,000 USDC and 5,500,000 MIM, equivalent to over 7,870,000 USD. Due to the hacking, some tokens of Chainswap slumped over 40% and of Anyswap around 15%.
The decentralized cross-chain protocol THORChain (RUNE) announced in its Telegram group that it was attacked on July 16, 2021 and lost around 13,000 ETH, equivalent to 25 million USD. Now the protocol has suspended its network and started investigation into this hack.
Why Cross Chains Are Hacked?
From Chainswap we know that each token has its own cross-chain transfer contract and factory contract code. Hackers call the receive function of the factory contract and pay 0.005 ETH in _chargeFee as a gas fee. No real identification verification but only one signature is required. When the daily quota of signatures is reached, the _decreaseAuthQuota function will be recovered. However, everyone seems to start from the default quota. Hackers use different address signatures to avoid it, and transfer volume in _receive to their address.
Anyswap explained that two V3 router transactions were detected at MPC account of V3 router on BSC and of the same R-value signature, and then the hacker worked out the private key of the MPC account.
In addition, the on-chain record shows that Anyswap attack started at 2:13, July 11 (GMT+8) and Chainswap at 1:16, July 11 (GMT+8) and ended at 1:50 (GMT+8). Such a short time interval may indicate that the two attacks were conducted by the same hacker team.
Lessons Taken from Cross-chain Security Issues
As DeFi is booming, cross-chain is indispensable. Technically, cross chains break the obstacles among chains to transfer values directly, and eliminate intermediaries of currency exchange and blockchain value islands, forming a valuable and potential development direction. Therefore, several cross-chain products were launched in the cryptocurrency industry. However, cross-chain security concerns also emerged. Though Chainswap expressed it would take remedies to affected tokens and DeFi projects, and AnySwap also announced that it had fixed vulnerabilities and would make up for all losses, it is urgent to focus on cross-chain security risks.
Besides, many cross-chain difficulties still exist. For example, how can we guarantee that the total supply of tokens on the native chain will not be reduced or increased due to cross chains, and how can we verify the status of transactions on the native chain in a decentralized way. Cross-chain technology still has a long way to go. Before that, it is the trading platforms to shoulder cryptocurrency circulation. On secure and reliable trading platforms, users can trade their cryptocurrencies securely and avoid unnecessary risks.
As a global leading exchange of digital assets with security, AOFEX always makes efforts to follow the mission of “including more people into the digital finance”, and to provide diverse investment products and secure financial services. AOFEX accompanies you on your investment journey.
This article is provided for informational purposes only and does not constitute investment advice.
next