Anyswap Multichain Router V3 Exploit Statement

Foreword: All funds in the default Anyswap bridge are safe. Anyswap v1/v2 is not at risk.

The new Anyswap multichain prototype V3 router was exploited early on July 10, 2021. We began an investigation into the incident as soon as we detected the exploit. Fortunately, Anyswap bridge https://anyswap.exchange/bridge has not been affected at all, only the new V3 cross-chain liquidity pools have been affected. Default Anyswap functions remain as secure as they have always been. Please read below about the details and solutions that we have carried out to remedy this incident.

1. Attack Description

• Where and When

The attack occurred on Anyswap V3 liquidity pool on July 10, 2021, at 8:00 PM UTC.

• Exploited Transactions:

1) https://etherscan.io/tx/0xc80e7cfeb16143cba4d5fb3b192b7dbe70e9bcd5ca0348facd20bf2d05693070

>Stolen amount: 1,536,821.7694 USDC

2) https://etherscan.io/tx/0xecaaf8b57b6587412242fdc040bd6cc084077a07f4def24b4adae6fbe8254ae3

>Stolen amount: 5,509,2227.35372 MIM

3) https://bscscan.com/tx/0xa8a75905573cce1c6781a59a5d8bc7a8bfb6c8539ca298cbf507a292091ad4b5

>Stolen amount: 749,033.37 USDC

4) https://ftmscan.com/tx/0x7312936a28b143d797b4860cf1d36ad2cc951fdbe0f04ddfeddae7499d8368f8

>Stolen amount: 112,640.877101 USDC

• Hacker Address: https://etherscan.io/address/0x0aE1554860E51844B61AE20823eF1268C3949f7C

2. What happened

• Two v3 router transactions were detected under the V3 Router MPC account on BSC, these two transactions have the same R value signature. And hacker deduced the private key to this MPC account in reverse. Anyswap team reproduced this attack method. (Reference: https://bitcoin.stackexchange.com/questions/35848/recovering-private-key-when-someone-uses-the-same-k-twice-in-ecdsa-signatures）
• All v1/v2 bridge transactions have been audited, they don’t have the same R transactions. Bridges are safe.
• We will publish a detailed report about this later.

3. Technical solutions

• The team has fixed the code to avoid using the same R signatures.
• Anyswap multichain router V3 will relaunch in about 48 hours, please stay up to date on our official Twitter.
• Trail of Bits has been auditing v1/v2, we have informed TOB of the v3 incident, and we are putting joint efforts to dig into this problem.

4. Loss and solutions

• 2,398,496.02 USDC and 5,509,222.73 MIM in total.
• Anyswap has already put remedial actions in place to provide full compensation.
• Anyswap will compensate. Thus, liquidity providers will be able to withdraw their assets from the pool once again when the liquidity is refilled by Anyswap pending the 48-hour timelock.

5. Bug report rewards

• To facilitate future security, Anyswap will reward anyone who reports bugs to us. This will help us build truly secure and even better cross-chain solutions.

To get involved and stay up to date:
* Join the Anyswap community: https://t.me/anyswap
* Follow Anyswap on: https://twitter.com/AnyswapNetwork
* Subscribe to the Anyswap: https://anyswap.medium.com/
* Send email to Anyswap: connect@anyswap.exchange