ChainSwap post-mortem and compensation plan

Summary

  • On July 2nd at 04:30 AM UTC ChainSwap got exploited.
  • Total damage is estimated to be around $800,000
  • Full compensation is almost completed. All affected users will be compensated from the ChainSwap treasury

On July 2nd at 04:30 AM UTC we noticed an anomaly on the bridge, some users reported that their coins were actively withdrawn from wallets that interacted with ChainSwap.

Upon discovery ChainSwap team immediately froze the bridge, shut down all nodes and a fix was deployed within 30 minutes. Local police authorities, Huobi & OkeX which the attacker interacted with to withdraw/deposit funds got immediately contacted. Team’s of affected projects got alerted.

Attacker’s wallet: https://etherscan.io/address/0x941a9e3b91e1cc015702b897c512d265fae88a9c#tokentxns

DEXT team reacted quickly and withdrew their liquidity preventing the attacker from selling his tokens.

With the help from local police and OKex the ChainSwap team managed to obtain the attacker’s email. Negotiations started.

Negotiations with the hacker

The ChainSwap team managed to negotiate back CORRA and RAI tokens.

Damage and compensation

Total damage from the hack is estimated to be around $800,000. For small amounts, the ChainSwap team bought back affected tokens from the market and refunded wallets accordingly. For the rest, we are working with project teams to set up compensation plans. Full compensation is almost completed. In addition to compensation, we will prepare bonuses for users who are affected and it will be carried out accordingly in the coming days.

All damage will be refunded in full from ChainSwap treasury.

We wanted to thank you for your continued support and patience.

  • ChainSwap v2 is launching in the upcoming months
  • The ChainSwap team will be hiring more auditing firms to perform audits
  • We stay strong ✨

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store