Anyswap Multichain Router V3 Exploit Statement

Multichain (Previously Anyswap)
Published in
2 min readJul 11, 2021


Foreword: All funds in the default Anyswap bridge are safe. Anyswap v1/v2 is not at risk.

The new Anyswap multichain prototype V3 router was exploited early on July 10, 2021. We began an investigation into the incident as soon as we detected the exploit. Fortunately, Anyswap bridge has not been affected at all, only the new V3 cross-chain liquidity pools have been affected. Default Anyswap functions remain as secure as they have always been. Please read below about the details and solutions that we have carried out to remedy this incident.

  1. Attack Description
  • Where and When

The attack occurred on Anyswap V3 liquidity pool on July 10, 2021, at 8:00 PM UTC.

  • Exploited Transactions:


>Stolen amount: 1,536,821.7694 USDC


>Stolen amount: 5,509,2227.35372 MIM


>Stolen amount: 749,033.37 USDC


>Stolen amount: 112,640.877101 USDC

2. What happened

3. Technical solutions

  • The team has fixed the code to avoid using the same R signatures.
  • Anyswap multichain router V3 will relaunch in about 48 hours, please stay up to date on our official Twitter.
  • Trail of Bits has been auditing v1/v2, we have informed TOB of the v3 incident, and we are putting joint efforts to dig into this problem.

4. Loss and solutions

  • 2,398,496.02 USDC and 5,509,222.73 MIM in total.
  • Anyswap has already put remedial actions in place to provide full compensation.
  • Anyswap will compensate. Thus, liquidity providers will be able to withdraw their assets from the pool once again when the liquidity is refilled by Anyswap pending the 48-hour timelock.

5. Bug report rewards

  • To facilitate future security, Anyswap will reward anyone who reports bugs to us. This will help us build truly secure and even better cross-chain solutions.

To get involved and stay up to date:
* Join the Anyswap community:
* Follow Anyswap on:
* Subscribe to the Anyswap:
* Send email to Anyswap:



Multichain (Previously Anyswap)

Cross-Chain Router Protocol (CRP), an infrastructure for cross-chain interoperability, envisioned to be the ultimate router for Web3