The Chainswap Protocol became the latest Binance Smart Chain project hacked over the weekend, with the attacker being able to mint tokens from a range of projects directly to their address before moving them to the decentralised BCS exchange PancakeSwap. The Chainswap Protocol attack netted the hacker a cool $4.4 Million worth of Ether to date.
Multiple Projects affected in the Chainswap Protocol attack
Some of the projects affected in the Chainswap Protocol attack included $WILD, Antimatter, Nord, Razor, Peri, Optionroom, Umbrellabank, Unido, Oro, Vortex, Blank, and Unifarm. To date, Antimatter and Optionroom have announced they will compensate affected investors on a 1:1 basis.
An analysis of the attack by WilderWorld, as posted by user @real_n3o on Twitter points to a vulnerability which enabled the attacker to mint 20 Million $WILD tokens directly to their wallet from a factory root address. The user notes that the first minting transaction of half a million $WILD was confirmed at 07:17pm +UTC on July 10th, and was followed by a further 40 subsequent mining transactions.
The attacker then sold the entire 20 Million tokens in a single transaction on PancakeSwap for WBNB (Wrapped Binance Coin), removing almost all of the BNB liquidity from the pool.
This is the latest in a series of high profile attacks recently, following on from a recent attack which saw Polygon DeFi project Safedollar crash to zero just 2 weeks ago. Binance Smart Chain projects BurgerSwap (BURGER) and JulSwap (JULD) have also seen a number of flash loan attacks recently too, with over $7M being lost to hackers. DeFi exchange Pancake Bunny was also hit in May 2021, which resulted in the BUNNY token crashing from $146 to a low of just above $6. The BSC team acknowledged back at the time that this was a “Challenging time for the BSC communty (Sic)”
However, the latest attack does not seem to have massively negatively affected the price of the native Binance token, up 4.5% at the time of writing and hovering around $332 USD.