After Chainswap, cross-chain bridge AnySwap was hacked and lost $7.87 million
Early morning today, cross chain bridge project Anyswap announced that the new V3 across chain liquidity pools was hacked in the morning yesterday, resulting a total loss of 5.5 million MIM and 2.39 million USDC. Hackers address is 0x0ae1554860e51844b61ae20823ef1268c3949f7c. According to Etherscan, the hackers have sold all the MIMs and obtained 5.48 million DAI, which means that AnySwap’s total loss is more than $7.87 million.
According to AnySwp’s announcement explaining the reason for the theft, two V3 router transactions have been detected under the V3 router MPC account on the BSC, both transactions have the same R-value signature, and the hacker pushes back to the private key of the MPC account. The team has now fixed the code to avoid using the same R signature and the multi-chain router V3 will be restarted in about 48 hours with no security risks for V1 and V2.
AnySwap said it had taken remedial steps to provide full compensation. AnySwap will refill the stolen liquidity within 48 hours and the liquidity provider will be able to withdraw assets from the pool again without any loss.
According to reports, AnySwap is currently one of the most commonly used cross-chain tools for DeFi users, and the founders of YFI previously developed the cross-chain project Multichain.xyz based on this project. According to AnySwap website, the project currently has a total warehoused volume of 360 million dollars, 543 users, 968 transactions and 9.12 million cross-chain transactions in the last 24 hours.
As a result of the incident, AnySwap token ANY fell by as much as about 15% and is currently trading at $1.59.
Like Chainswap, another project that was attacked yesterday, AnySwap is a Chinese-backed project founded by Dejun Qian, a veteran of IBM’s domestic division and the founder of Bitse and Fusion. According to LinkedIn, several of the project’s members are also based in China.
Records on the chain also show that the attack began at 2:13 on July 11, Beijing time, and yesterday the Chainswap attack began at 1:16 on July 11, Beijing time, and completed the attack at 1:50. Similar attack time may mean that the hackers behind the two attacks are of the same team.