After Chainswap, the cross-chain bridge Anyswap was hacked, resulting in a loss of 7.87 million dollars
From the perspective of the similar attack times, the hackers behind the two project attack incidents may belong to the same team.This article is an original piece by Chain Catcher, authored by Gu Yu.
In the early hours of today, the cross-chain bridge project Anyswap released an announcement stating that the newly launched V3 cross-chain liquidity pool was attacked by hackers early yesterday morning, with total losses amounting to 2.39 million USDC and 5.5 million MIM. The hacker's address is 0x0ae1554860e51844b61ae20823ef1268c3949f7c. According to Etherscan, the hacker has sold all MIM and obtained 5.48 million DAI, which means Anyswap's total loss exceeds 7.87 million USD.
According to Anyswap's announcement explaining the cause of the theft, two V3 router transactions were detected under the MPC account on BSC, both of which had the same R value signature, allowing the hacker to reverse-engineer the private key of this MPC account. The team has now fixed the code to avoid using the same R signature, and the multi-chain router V3 will be restarted in about 48 hours, with no security risks for v1 and v2.
Anyswap has stated that it has taken remedial measures to provide full compensation. Anyswap will replenish the stolen liquidity within 48 hours, and liquidity providers will be able to withdraw assets from the fund pool again without incurring any losses.
According to Chain Catcher, Anyswap is currently one of the most commonly used cross-chain tools for DeFi users. Previously, YFI founder Andre Cronje developed the cross-chain project Multichain.xyz based on this project. According to Anyswap's website, the project currently has a total locked value of 360 million USD, with 543 users in the last 24 hours, 968 transactions in the last 24 hours, and a cross-chain transaction volume of 9.12 million USD in the last 24 hours.
As a result of this incident, the Anyswap token ANY fell by about 15%, with the current price at 1.59 USD.
It is understood that Anyswap is developed based on Fusion DCRM cross-chain technology. Co-founder Qian Dejun has worked for many years in IBM's domestic division, while CEO He Zhaojun was the original technical head of Fusion and is fully responsible for Anyswap's operations.
On-chain records also show that the attack began at 2:13 AM Beijing time on July 11, while the Chainswap attack began at 1:16 AM on July 11 and was completed by 1:50 AM. The close timing of the attacks may indicate that the hackers behind both incidents are from the same team.
