← Back to Hack Archive

BSC ChainSwap Hack

July 10, 2021$8 millionSmart Contract VulnerabilityBinance Smart Chain

The Story

On July 10, 2021, ChainSwap, a cross-chain asset bridge that connected Ethereum, Binance Smart Chain, and other blockchains, fell victim to a devastating hack. The attacker exploited a vulnerability in the bridge's smart contract, allowing them to mint arbitrary tokens on multiple blockchains, stealing approximately $8 million in various tokens.

The attack primarily impacted tokens that had their Binance Smart Chain (BSC) versions backed by ChainSwap's bridge. Several projects including WILD, Antimatter, Optionroom, Umbrella Network, Nord, Razor, and Oro saw their BSC tokens maliciously minted and subsequently dumped on the market, causing their prices to plummet.

This incident came shortly after ChainSwap had suffered another exploit on July 2, which resulted in a loss of $800,000. Following the second, more severe attack, the ChainSwap team paused the bridge functionality, worked on a compensation plan for affected users, and eventually relaunched with an overhauled architecture designed to prevent similar vulnerabilities.

The hack highlighted the significant security challenges faced by cross-chain bridges, which have become critical infrastructure in the multi-chain ecosystem but also represent attractive targets for attackers.

Technical Analysis

The ChainSwap hack exploited a vulnerability in the smart contract that controlled the bridge's token mapping and minting functions. The technical root cause was an improper access control mechanism:

  1. The attacker discovered a vulnerability in ChainSwap's token validation process
  2. This allowed them to manipulate the verification function that checks whether tokens should be minted
  3. By exploiting this flaw, they could mint arbitrary amounts of any token that was integrated with the bridge
  4. The attacker then dumped these fraudulently minted tokens on decentralized exchanges

The vulnerability was in the verification system that authenticated cross-chain transactions:

// Simplified representation of the vulnerable verification function
function verifyTransaction(
    bytes memory signature,
    address token,
    address recipient,
    uint256 amount,
    uint256 nonce
) internal returns (bool) {
    // Rebuild the message that should have been signed
    bytes32 message = keccak256(
        abi.encodePacked(token, recipient, amount, nonce)
    );
    
    // Vulnerability: Insufficient validation of signatures
    // The verification didn't properly check that the signer was authorized
    address signer = recoverSigner(message, signature);
    
    // Only checked if signer exists in validator mapping, not role-based access
    return validators[signer];
}

The key issue was that the contract didn't properly validate the permissions of signers for specific token mint operations, allowing the attacker to craft transactions that appeared legitimate.

Lessons Learned

  1. Cross-chain bridges should implement comprehensive role-based access control
  2. Multiple independent signatures should be required for high-value operations like minting
  3. Rate limiting and transaction value caps can reduce the impact of exploits
  4. Regular security audits specifically focusing on cross-chain functionality are essential
  5. Bridge designs should include circuit breakers and emergency shutdown mechanisms