Published in


Anyswap Multichain Router V3 Exploit Statement

Foreword: All funds in the default Anyswap bridge are safe. Anyswap v1/v2 is not at risk.

The new Anyswap multichain prototype V3 router was exploited early on July 10, 2021. We began an investigation into the incident as soon as we detected the exploit. Fortunately, Anyswap bridge has not been affected at all, only the new V3 cross-chain liquidity pools have been affected. Default Anyswap functions remain as secure as they have always been. Please read below about the details and solutions that we have carried out to remedy this incident.

  1. Attack Description
  • Where and When

The attack occurred on Anyswap V3 liquidity pool on July 10, 2021, at 8:00 PM UTC.

  • Exploited Transactions:


>Stolen amount: 1,536,821.7694 USDC


>Stolen amount: 5,509,2227.35372 MIM


>Stolen amount: 749,033.37 USDC


>Stolen amount: 112,640.877101 USDC

2. What happened

3. Technical solutions

  • The team has fixed the code to avoid using the same R signatures.
  • Anyswap multichain router V3 will relaunch in about 48 hours, please stay up to date on our official Twitter.
  • Trail of Bits has been auditing v1/v2, we have informed TOB of the v3 incident, and we are putting joint efforts to dig into this problem.

4. Loss and solutions

  • 2,398,496.02 USDC and 5,509,222.73 MIM in total.
  • Anyswap has already put remedial actions in place to provide full compensation.
  • Anyswap will compensate. Thus, liquidity providers will be able to withdraw their assets from the pool once again when the liquidity is refilled by Anyswap pending the 48-hour timelock.

5. Bug report rewards

  • To facilitate future security, Anyswap will reward anyone who reports bugs to us. This will help us build truly secure and even better cross-chain solutions.

To get involved and stay up to date:
* Join the Anyswap community:
* Follow Anyswap on:
* Subscribe to the Anyswap:
* Send email to Anyswap:




An infrastructure for on-chain asset interoperability, envisioned to be the ultimate router for Web3

Recommended from Medium

Re-examining user experience: Can personalization and privacy coexist?

Notable Recent Security Issues

Decentralized wallets: What it is and how to install

Council Post: How To Ensure Your PAM Solution Helps Eliminate Workflow Disruption

5 Reasons to Consider Decentralized Storage

IoT App Development: Best Solutions and Technologies to Overcome IoT Security Issues

How to Permanently Delete Files on Windows?

Getting the most of your internet when everyone is home

The head of the Statue of David wearing VR goggles that say “Hello”.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Multichain (Previously Anyswap)

Multichain (Previously Anyswap)

Cross-Chain Router Protocol (CRP), an infrastructure for cross-chain interoperability, envisioned to be the ultimate router for Web3

More from Medium

Action Required: Critical Vulnerability for Six Token Contracts on Multichain

How Furucombo Utilizes Gelato for Automation

Hundred Finance: Celebrating veDay

Launching $PSP-$MATIC Vault Powered by Quickswap & Polygon