ChainSwap post-mortem and compensation plan

Summary

  • Total damage is estimated to be around $800,000
  • Full compensation is almost completed. All affected users will be compensated from the ChainSwap treasury

On July 2nd at 04:30 AM UTC we noticed an anomaly on the bridge, some users reported that their coins were actively withdrawn from wallets that interacted with ChainSwap.

Upon discovery ChainSwap team immediately froze the bridge, shut down all nodes and a fix was deployed within 30 minutes. Local police authorities, Huobi & OkeX which the attacker interacted with to withdraw/deposit funds got immediately contacted. Team’s of affected projects got alerted.

Attacker’s wallet: https://etherscan.io/address/0x941a9e3b91e1cc015702b897c512d265fae88a9c#tokentxns

DEXT team reacted quickly and withdrew their liquidity preventing the attacker from selling his tokens.

With the help from local police and OKex the ChainSwap team managed to obtain the attacker’s email. Negotiations started.

Negotiations with the hacker

The ChainSwap team managed to negotiate back CORRA and RAI tokens.

Damage and compensation

All damage will be refunded in full from ChainSwap treasury.

  • ChainSwap v2 is launching in the upcoming months
  • The ChainSwap team will be hiring more auditing firms to perform audits
  • We stay strong ✨

The hub for smart chains