The ChainSwap Exploit Explained: A Detailed Overview and Next Steps

TeraBlock
Jul 16, 2021

What is ChainSwap?

ChainSwap is a cross-chain bridging solution that projects use to swap tokens, primarily between Ethereum and Binance chain. ChainSwap has been one of the leading bridging solutions in the crypto space, and a lot of projects have integrated its bridge for interchain token swaps.

How did the exploit happen?

On July 11, 2021, the smart contract of the cross-chain bridge project ChainSwap was exploited. The hackers identified and exploited a vulnerability in ChainSwap’s platform smart contract, through which they were able to steal crypto-assets valued at over $4 million.

TeraBlock was the least affected project in this exploit. TBC token holders’ funds on both Ethereum and Binance Smart Chain were safe.

About the Attack

An investigation into the attack by the ChainSwap team found a bug in the cross-chain quota code. The on-chain swap bridge quota is automatically increased by the signature node, a design intended to be more decentralized and to work without manual control. A logic flaw in this code led to the exploit: it allowed invalid addresses that weren’t whitelisted to increase the amount automatically.

Through the ChainSwap exploit, the attacker was able to create 30M TBC tokens on the Ethereum chain. Still, ChainSwap was able to remove around 24M TBC tokens from the attacker’s wallet and liquidity using the admin rights of the mapping token.
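The following is an added example, not ChainSwap's contract code: a simplified Python model of an auto-refilling signer quota, showing the missing whitelist check next to the corrected one. The class, the refill rate, the cap and the address labels are assumptions, and signature recovery is abstracted to a `signer` string.

```python
# Simplified model of a bridge whose per-signer mint quota refills automatically.
# Illustration only: names, rate and cap are assumed, and `signer` stands for
# the address that would be recovered from a signature on a real bridge.

RATE_PER_HOUR = 1_000   # assumed automatic quota increase per signer
QUOTA_CAP = 10_000      # assumed ceiling on quota available at any moment


class Bridge:
    def __init__(self, whitelist, check_whitelist):
        self.whitelist = set(whitelist)
        self.check_whitelist = check_whitelist
        self.used = {}    # signer -> amount already consumed
        self.minted = 0   # total minted on the destination chain

    def quota(self, signer, hours_elapsed):
        """Quota currently available to `signer`, with no manual approval step."""
        if self.check_whitelist and signer not in self.whitelist:
            return 0      # corrected behaviour: unknown signers never accrue quota
        accrued = RATE_PER_HOUR * hours_elapsed - self.used.get(signer, 0)
        return max(0, min(QUOTA_CAP, accrued))

    def receive(self, signer, amount, hours_elapsed):
        """Mint `amount` only if the signer's available quota covers it."""
        if amount <= 0 or amount > self.quota(signer, hours_elapsed):
            return False
        self.used[signer] = self.used.get(signer, 0) + amount
        self.minted += amount
        return True


def run(check_whitelist):
    """Replay the same constructed requests against one bridge configuration."""
    bridge = Bridge(whitelist=["node-1"], check_whitelist=check_whitelist)
    unlisted_ok = bridge.receive("unlisted-address", 5_000, hours_elapsed=24)
    node_ok = bridge.receive("node-1", 5_000, hours_elapsed=24)
    over_cap_ok = bridge.receive("node-1", 20_000, hours_elapsed=24)
    return unlisted_ok, node_ok, over_cap_ok, bridge.minted


if __name__ == "__main__":
    print("flawed   :", run(check_whitelist=False))
    print("corrected:", run(check_whitelist=True))
```

With the check disabled, the unlisted address is treated like any signature node and its request is minted; with the check enabled, only the whitelisted node can mint, and only up to its quota.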

TBC token holders on Binance Smart Chain were unaffected by this exploit.

Even though most of the newly minted 30M tokens were removed, the attacker was able to sell 5,385,692 TBC tokens, which were worth 20.8084 ETH ($39,576).

The attacker’s address is as follows:

https://etherscan.io/address/0xEda5066780dE29D00dfb54581A707ef6F52D8113

https://bscscan.com/address/0xEda5066780dE29D00dfb54581A707ef6F52D8113

ChainSwap has frozen its bridge to safeguard TBC token holders’ funds. Currently there is no bridge to swap TBC tokens from the Ethereum chain to Binance Smart Chain.

Our next steps

Fortunately, neither TeraBlock’s contract nor user wallets holding the TBC token were directly affected by the exploit. We do, however, have a moral obligation to keep our community informed of the details of the incident and to set out clear next steps to ensure the safety and security of user funds. We have devised a plan of action moving forward, and the main points are listed below:

  • The extra 5,385,691.92 TBC tokens in circulation will be burnt to bring the entire supply back to 400M TBC tokens.
  • A snapshot of TBC token holders on the Ethereum chain will be taken, and a new TBC contract on the ETH chain will be deployed. User wallets holding the TBC token will be able to swap their old TBC tokens for new TBC tokens on our website through the upcoming TeraBlockSwap.
  • TBC token holders who staked their tokens on UniFarm Cohort 12 (ETH) will be able to change their old TBC tokens to the new tokens at unstaking.
  • We have been working on developing our native token bridge. Due to this exploit, we will move much faster with developing and deploying our native bridge onto the TeraBlock platform.
  • TeraBlock will get the bridge contract thoroughly audited before deploying it onto our platform, as part of our commitment to bringing safe and secure products to our users.

DeFi is in its nascent stages, so these security hacks are bound to happen. It’s a harsh reality, and this is what helps the DeFi ecosystem grow. Something like this can happen to any DeFi project.

We worked closely with the ChainSwap team to understand the complete mechanics of the exploit, which is why it took us longer to respond.

We have been a community-driven project, and our community has been at the core of our company since its inception in 2017. We will do whatever it takes to safeguard your interests. Our commitment to developing and bringing only the finest products and services to our users will always stay intact.

More updates will follow. Meanwhile, if you have any queries, please feel free to get in touch with a member of our team on the TeraBlock community chat on Telegram.

Team TeraBlock

Written by TeraBlock