AOFEX Insight: Underlying Causes of Heavy Blow to Cross-chain Security

Updated on Jul 19, 2021 at 9:19 am UTC by · 3 mins read

Though Chainswap expressed it would take remedies to affected tokens and DeFi projects, and AnySwap also announced that it had fixed vulnerabilities and would make up for all losses, it is urgent to focus on cross-chain security risks.

The cross-chain bridge project Chainswap tweeted that it was hacked again on July 11, 2021. As a result, over 20 project tokens deployed on the smart contract of the cross-chain bridge were stolen and the loss was around 8 million USD.

Anyswap, another cross-chain bridge project, announced that its new V3 cross-chain liquidity pool was exploited at midnight, July 12, 2021, resulting in a loss of 239,000 USDC and 5,500,000 MIM, equivalent to over 7,870,000 USD. Due to the hacking, some tokens of Chainswap slumped over 40% and of Anyswap around 15%.

The decentralized cross-chain protocol THORChain (RUNE) announced in its Telegram group that it was attacked on July 16, 2021 and lost around 13,000 ETH, equivalent to 25 million USD. Now the protocol has suspended its network and started investigation into this hack.

Why Cross Chains Are Hacked?

From Chainswap we know that each token has its own cross-chain transfer contract and factory contract code. Hackers call the receive function of the factory contract and pay 0.005 ETH in _chargeFee as a gas fee. No real identification verification but only one signature is required. When the daily quota of signatures is reached, the _decreaseAuthQuota function will be recovered. However, everyone seems to start from the default quota. Hackers use different address signatures to avoid it, and transfer volume in _receive to their address.

Anyswap explained that two V3 router transactions were detected at MPC account of V3 router on BSC and of the same R-value signature, and then the hacker worked out the private key of the MPC account.

In addition, the on-chain record shows that Anyswap attack started at 2:13, July 11 (GMT+8) and Chainswap at 1:16, July 11 (GMT+8) and ended at 1:50 (GMT+8). Such a short time interval may indicate that the two attacks were conducted by the same hacker team.

Lessons Taken from Cross-chain Security Issues

As DeFi is booming, cross-chain is indispensable. Technically, cross chains break the obstacles among chains to transfer values directly, and eliminate intermediaries of currency exchange and blockchain value islands, forming a valuable and potential development direction. Therefore, several cross-chain products were launched in the cryptocurrency industry. However, cross-chain security concerns also emerged. Though Chainswap expressed it would take remedies to affected tokens and DeFi projects, and AnySwap also announced that it had fixed vulnerabilities and would make up for all losses, it is urgent to focus on cross-chain security risks.

Besides, many cross-chain difficulties still exist. For example, how can we guarantee that the total supply of tokens on the native chain will not be reduced or increased due to cross chains, and how can we verify the status of transactions on the native chain in a decentralized way. Cross-chain technology still has a long way to go. Before that, it is the trading platforms to shoulder cryptocurrency circulation. On secure and reliable trading platforms, users can trade their cryptocurrencies securely and avoid unnecessary risks.

As a global leading exchange of digital assets with security, AOFEX always makes efforts to follow the mission of “including more people into the digital finance”, and to provide diverse investment products and secure financial services. AOFEX accompanies you on your investment journey.

This article is provided for informational purposes only and does not constitute investment advice.

Share:

Related Articles

Anyswap Rebrands to Multichain and Raises $60M in Seed Funding Round Led by Binance Labs

By December 21st, 2021

Multichain is planning to use the capital from the seed funding round to grow its teams and ecosystem. In addition, Multichain will strengthen its ties with Binance Smart Chain. The latter will promote Multichain and recommend it as one of the bridges.

ChainSwap Launches Industry’s First Cross-Chain Aggregator

By December 6th, 2021

ChainSwap, a cross-chain asset bridge & application hub for smart chains, launched its cross-chain bridge aggregator today.

AOFEX Establishes Its Taiwan Branch to Expand Its Activities in South Asia

By December 4th, 2021

AOFEX recognizes the growth potential in the region and strives to promote the adoption of digital financial services in Taiwan.

Exit mobile version