Hdr_About.jpg

Detail Analysis

link.png

Date:

Status:

Count:

Contributor:

July 12, 2021

info.png

Verified

2

zerofriction.io

Loss Amount:

7,870,000

info.png

Recovered Amount:

-

Currency:

Dollars, MIM, USDT

KYC By:

Audit By:

None

Trails of Bits, SlowMist, Peckshield

info.png

Key Indicators

Platform:

Type:

Category:

Method:

Multi-Chain

Protocol

Bridge

Poor Key Management

Extended Method:

Private key leak, deduced from same R value

Data Sources:

info.png

Renamed from Anyswap. The cross-chain bridge project Anyswap issued an announcement stating that the newly launched V3 cross-chain liquidity pool was hacked in the early hours of yesterday, with a total loss of 2.39 million USDC and 5.5 million MIM. According to Etherscan, the hacker has sold all MIMs and obtained 548 Million DAI, which means that Anyswap's total loss is more than 7.87 million U.S. dollars. According to the explanation of the reason for the theft in the Anyswap announcement, two v3 router transactions were detected under the V3 router MPC account on the BSC. These two transactions have the same R value signature, and the hacker reversed the private key of this MPC account. At present, the team has fixed the code to avoid using the same R signature. Multi-chain router V3 will restart in about 48 hours. There is no security risk for v1 and v2. Anyswap stated that it has taken remedial measures to provide full compensation. Anyswap will refill the stolen liquidity within 48 hours, and the liquidity provider will be able to withdraw assets from the fund pool again without any loss.

info.png

DISCLAIMER: While Zero Friction LLC has used the best efforts in aggregating and maintaining this database, Zero Friction LLC makes no representations or warranties with respect to the accuracy or completeness, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall Zero Friction LLC be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the dataset or information derived from our database.