Over the weekend, DeFi traders lost more than $11M across two hacks on Binance Smart Chain (BSC).
On July 10, Anyswap, a decentralized cross-chain protocol, suffered a hack worth nearly $8M of USDC and MIM (Magic Internet Money), a lesser known stablecoin. The exploit happened in the protocol’s new V3 cross-chain liquidity pools. According to a statement released by Anyswap, a hacker was able to deduce the private key to a supposedly secure multi-party computation account on BSC due to a weakness in Anyswap’s code. Anyswap said it has since fixed the vulnerability and will fully compensate users who lost funds.
A day later, on July 11, a hacker targeted a bug in another cross chain protocol, ChainSwap. The protocol, backed by Alameda, offers a bridge between Ethereum and BSC. In this instance, a hacker was able to exploit a piece of the protocol’s token code to take control of its BSC contracts and steal $4M worth of various tokens. Twenty tokens on ChainSwap’s bridge were affected, including $320K worth of $WILD, the native token of Jake Paul-backed NFT startup Wilder World. In response to the hack, ChainSwap took its bridge offline and froze its tokens. The protocol plans to put its code under audit before relaunching and are communicating directly with affected projects to determine compensation measures.
While it seems both Anyswap and ChainSwap are taking responsibility and compensating users, these hacks serve as a stark reminder: a DeFi protocol is only as good as the code it runs on.