Multichain
Published in

Multichain

Anyswap Multichain Router V3 Exploit Statement

Foreword: All funds in the default Anyswap bridge are safe. Anyswap v1/v2 is not at risk.

The new Anyswap multichain prototype V3 router was exploited early on July 10, 2021. We began an investigation into the incident as soon as we detected the exploit. Fortunately, Anyswap bridge https://anyswap.exchange/bridge has not been affected at all, only the new V3 cross-chain liquidity pools have been affected. Default Anyswap functions remain as secure as they have always been. Please read below about the details and solutions that we have carried out to remedy this incident.

  1. Attack Description
  • Where and When

The attack occurred on Anyswap V3 liquidity pool on July 10, 2021, at 8:00 PM UTC.

  • Exploited Transactions:

1) https://etherscan.io/tx/0xc80e7cfeb16143cba4d5fb3b192b7dbe70e9bcd5ca0348facd20bf2d05693070

>Stolen amount: 1,536,821.7694 USDC

2) https://etherscan.io/tx/0xecaaf8b57b6587412242fdc040bd6cc084077a07f4def24b4adae6fbe8254ae3

>Stolen amount: 5,509,2227.35372 MIM

3) https://bscscan.com/tx/0xa8a75905573cce1c6781a59a5d8bc7a8bfb6c8539ca298cbf507a292091ad4b5

>Stolen amount: 749,033.37 USDC

4) https://ftmscan.com/tx/0x7312936a28b143d797b4860cf1d36ad2cc951fdbe0f04ddfeddae7499d8368f8

>Stolen amount: 112,640.877101 USDC

2. What happened

3. Technical solutions

  • The team has fixed the code to avoid using the same R signatures.
  • Anyswap multichain router V3 will relaunch in about 48 hours, please stay up to date on our official Twitter.
  • Trail of Bits has been auditing v1/v2, we have informed TOB of the v3 incident, and we are putting joint efforts to dig into this problem.

4. Loss and solutions

  • 2,398,496.02 USDC and 5,509,222.73 MIM in total.
  • Anyswap has already put remedial actions in place to provide full compensation.
  • Anyswap will compensate. Thus, liquidity providers will be able to withdraw their assets from the pool once again when the liquidity is refilled by Anyswap pending the 48-hour timelock.

5. Bug report rewards

  • To facilitate future security, Anyswap will reward anyone who reports bugs to us. This will help us build truly secure and even better cross-chain solutions.

To get involved and stay up to date:
* Join the Anyswap community: https://t.me/anyswap
* Follow Anyswap on: https://twitter.com/AnyswapNetwork
* Subscribe to the Anyswap: https://anyswap.medium.com/
* Send email to Anyswap: connect@anyswap.exchange

--

--

--

An infrastructure for on-chain asset interoperability, envisioned to be the ultimate router for Web3 https://multichain.org/

Recommended from Medium

Importance of a Reliable AML Audit Trail in Banking

{UPDATE} Super Mirror Hack Free Resources Generator

Summeris Launchpad: $SUM Launching on Pinksale

“Defend the Web” write-up (24 bit —file extension manipulation exploit )

HTB Passage Walkthrough

Taking the ‘right’ risks and reaping the benefits

Broward Health reports a 1.3 million people data breach

The FBI Retains The Power To Capture Russia’s Potential To Bypass The Sanctions, According To FBI…

The FBI Retains The Power To Capture Russia’s Potential To Bypass The Sanctions, According To FBI Director

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Multichain (Previously Anyswap)

Multichain (Previously Anyswap)

Cross-Chain Router Protocol (CRP), an infrastructure for cross-chain interoperability, envisioned to be the ultimate router for Web3 https://multichain.org/

More from Medium

Multichain integrates with Oasis Network

How Thales Protocol Powers Liquidity Incentive Program with Gelato

Warp V2: Additional Features Rollout Plan

Everything About Solidly