Important Update: ChainSwap Hack

Important Update: ChainSwap Hack

Firstly, we want to thank the entire Wilder Community for your support and positive energy around the unfortunate ChainSwap Hack.

We would like to assure the community that the $WILD ERC-20 Token continues to be safe, secure and open for trading on Uniswap and Gate.io. $WILD has completed comprehensive smart contract audits with ConsenSys diligence to ensure the core protocol is protected.

Due to the recent vulnerability hack with ChainSwap, please do not trade on PancakeSwap or Binance Smart Chain. Uniswap, Gate.io and other exchanges trading the $WILD ERC-20 contract are safe to trade and are operating as expected.

Summary of Key Events:

On Saturday July 10th, 2021 at 20:47 UTC our team noticed a flash crash on PancakeSwap. This was due to a vulnerability in ChainSwap, a cross chain protocol used to transfer tokens between Ethereum (ETH) and Binance Smart Chain (BSC). The $WILD token is one of dozens of projects impacted by this vulnerability. After careful analysis, we discovered that $534,548.45 USD was withdrawn by an attacker from the Wilder Pancake Liquidity Pool on BSC and ChainSwap bridge contracts on Ethereum. Our engineering team was able to quickly react and prevent the loss of further funds.

It appears this issue is related directly to ChainSwap. ChainSwap has reassured all holders and Liquidity Pools via Twitter that funds from individual wallets are safe and that the pre-hack had been snapshotted and a compensation plan will be put into action for affected tokens. On BSC, balances may temporarily show 0 until ChainSwap has completed the investigation. ChainSwap has suspended all send and withdraw functions until further notice.

  • At block 12801468 on Binance Smart Chain (BSC), an attacker took control of the $WILD contract due to a critical vulnerability in the ChainSwap Protocol.
  • For context, the BSC version of the $WILD token contract was deployed to the BSC blockchain via ChainSwap to enable trading on PancakeSwap (PCS), due to high gas fees on Ethereum.
  • Based on our initial analysis, the ChainSwap vulnerability enabled 20,000,000 $WILD to be minted directly to the attacker’s address from a factory root address (‘0x0000…’) on BSC only. In other words, these tokens were not minted on Ethereum (where the primary $WILD contract resides), but directly on BSC.
  • This first minting transaction of 500,000 $WILD on BSC confirmed on Jul-10–2021 at 07:17:30 PM +UTC and was followed by 40 subsequent minting transactions, with a final transaction that we are still in the process of analyzing.
  • Following the minting process, the attacker proceeded to sell 20,000,000 $WILD in a single transaction on PCS in exchange for ~652.44 WBNB ($207,216.47 USD). This resulted in removing nearly all of the BNB liquidity from the $WILD/BNB PSC pool. Once this transaction was completed the attackers balance on BSC was depleted.
  • As part of the hack, the attacker was additionally able to withdraw nearly 2 million $WILD via the ChainSwap Bridge Contract on Ethereum. For context, these $WILD tokens were staked in the ChainSwap Bridge Contract to provide liquidity to Pancake traders on BSC. The first transaction occurred at Jul-10–2021 07:17:06 PM +UTC and continued in three subsequent transactions.
  • In a series of nine transactions starting at 2021–07–10 20:42:11, the attacker sold a total of 1,978,844.84 $WILD on Uniswap for $327,331.98 DAI.
  • In summary, the attacker was able to sell all of their accumulated $WILD on both PancakeSwap (BSC) and Uniswap (Ethereum) for a total of ~$534,548.45 USD.

Next Steps:

As of right now, July 10th at 23:00:00 PM the $WILD ERC-20 Token continues to be safe, secure and open for trading on any Ethereum-based exchange, including Uniswap and Gate.io.

Our team is dedicated to understanding the core vulnerability of this attack and will continue to investigate with ChainSwap directly. We will continue to send updates via Zero, Twitter and Telegram as new information is discovered.

The strength and commitment of each Wilder is being tested, we are honoured to be with each and everyone of you on this $WILD journey. As always, we are grateful for your patience and continued support.

Appendix of Key Contract Addresses:

Ethereum (ETH):

Binance Smart Chain (BSC):