DEXTools Academy SPECIAL: Chainswap HACK Explained

Hey community, my name is Julie from DEXTools 
Academy! A week ago we've had a lot of troubles   and I want to explain you in this video what 
exactly happened on Saturday a week ago.   Many of you wondered and are still unclear about 
all the circumstances and all the trouble the DEXT   team went through. We want to be very honest about 
it and explain you everything from the beginning   and how the problem finally got solved. For those 
who haven't heard of it yet – in short – there was   an attack on the Chainswap contract which allowed 
to access tokens from wallets that gave approvals   to chainswap. All wallets with coins which used 
the Chainswap bridge before could have been   affected and have been possible to exploit. DEXT 
was one of those tokens and the hacker managed   to steal 4.8 million DEXT tokens from user 
wallets by exploiting the Chainswap contract   but let me explain everything from 
scratch what exactly has happened.   I've been talking about a hacker who 
stole DEXT funds and you might be thinking   what the hell is Chainswap? Chainswap is the 
bridge that allows trading the DEXT tokens   from ERC20 to BEP20 and vice versa.

So with 
the bridge you can swap your DEXT on ethereum   for DEXT on binance smart chain. So what 
happened exactly on Saturday morning? Well,   a hacker took advantage of a security gap and made 
an attack on the Chainswap contract. He managed   to hack the contract and exploited user wallets 
that previously gave permission to the chain swap   contract to use their funds all user wallets 
who gave approval to the contract beforehand   have been a target for the hacker and he was able 
to steal their funds chain swap informed that the   team immediately froze the bridge shut down all 
nodes and the fix was deployed within 30 minutes   local police authorities the exchanges Huobi 
and OKEx which the attacker interacted with to   withdraw and deposit funds got immediately 
contacted started investigating the case   managed to obtain the attacker's email 
and negotiations with the hackers began.   The same time the dext team took 
measures already to save the dext funds   as liquidity was locked on unicrypt another 
solution was needed decisions must have been   taken within minutes as the hacker was sitting 
on funds worth over 1 million dollars which he   could have sold within few seconds on uniswap 
and these funds would have just disappeared   the team has been thinking fast and came to the 
point that the only solution of the problem was   up to the team saving the funds anyhow of course 
the team have a team wallet which is needed to pay   the dext team for developing the project so the 
team decided to sell all these funds in one swap   for securing the money that the hacker couldn't 
steal it by doing this they've been able to save   over 99 percent of the users funds fortunately 
the dext team could recover most of the funds   while the hacker was still sitting on millions 
of coins it turned out that the fast decision   that team took was a huge success as the hacker 
sold his stolen funds only a few minutes later   because the team has driven down the price by 
over 90 per cent the hacker could run away with   barely 20.5 east which is around 45 000 instead of 
over one million dollar the team created instantly   a new dext token to refund all users as soon as 
possible few hours later the liquidity from the   old tax contract unlocked on unicrypt and the 
team could pull this liquidity and use it for   deploying it for the new contract all holders 
have been refunded already if you've been   affected please check in the description 
how you see your new airdrop tax tokens   so now as you know the story what has happened 
to the dex token lately and why a new token   has been created you might be thinking but 
how can i prevent that from happening again   now there is an easy solution what you can 
do to save your wallet from such exploits dbank is a good tool for cancelling the 
approvals we gave to apps when we use them   so here we are on the webpage we just 
connect our meta mask what i'm doing right now   and go to view my profile here we can see all 
assets we have on ethereum of course we can   also check other blockchains like finance chain 
xtype polygon phantom okay exchange and heco   i can't enter these ones now because i have no 
assets there so for checking the approvals we go   to approval and here we see all open approvals we 
gave beforehand to apps so i gave um approvals to   uni swap to spend text so my total risk exposure 
of approval is 247 we can see it here uh because   i gave infinite approval and i have 1000 text 
in my wallet um so for canceling it i just hit   the button decline and the metamask pops up 
i just confirm and the approval is cancelled so now it's cancelled we can do that 
of course with other approvals we   have here now i have no approvals 
anymore um so yeah so i'm safe now i can just recommend you to never 
forget canceling risky approvals   two days ago chainswop got hacked a second 
time and user wallets have been exploited again   text has not been affected by this hack as we have 
no chain swap bridge setup for the new dex token   thank you for watching the video don't 
forget to hit the like button subscribe   our channel and hit the bell button to 
get noticed about more useful videos bye

You May Also Like