NORD FINANCE

DESCRIPTION OF EVENTS

"Nord Finance is an advanced decentralized financial ecosystem focusing on simplifying decentralized finance products."

"Nord Finance, a DeFi application, is a multi-chain interoperable platform that combines traditional finance features into the DeFi network in an effort to make DeFi investments more accessible and convenient for users. From yield-farming aggregation, fund management, robo-advisory to loans on assets, Nord offers a host of financial services through its 4 key products — Nord.Savings, Nord.Advisory, Nord.Loans and Nord.Swap."

"Thanks to Nord.Advisory, investors can ensure that their investment portfolio is in line with their financial goals despite market movements. And as a cherry on top, Nord.Advisory also allows users to personally define their risk profile, helping them understand the risk they will need to take to achieve their financial goals. Investors, especially beginners, can achieve a perfect balance between risk and rewards."

"Nord boasts cross-chain interoperability and can be used in conjunction with many different blockchains. This includes a recent integration with Binance Smart Chain. The Nord products on offer will include over-collateralized loans, savings, advisory services, token swaps, and asset management services. Nord Finance is an innovative, exciting new decentralized finance (DeFi) protocol bringing additional utility to stablecoins."

"Nord Finance in association with Anti Matter is proud to unveil that we have listed on chainswap.exchange to allow NORD Token holders to seamlessly bridge their $NORD tokens over to the Binance Smart Chain BEP20 standard."

"ChainSwap is a bridge protocol that links the Ethereum and Binance Smart Chain (BSC) blockchains." "It supports Binance Smart Chain, Ethereum, Polygon, and Huobi Eco Chain." "The ChainSwap hacker identified and exploited a vulnerability in the ChainSwap smart contract. This vulnerability enabled them to steal and mint new tokens for various protocols that were using the bridge to trade across Ethereum and BSC."

Investigation by ChainSwap revealed "a bug in the token cross-chain quota code. The on-chain swap bridge quota is automatically increased by the signature node, which is intended to be more decentralized without manual control. However, due to a logical flaw in code, this led to an exploit by allowing invalid addresses which weren’t whitelisted to automatically increase the amount."

"The attacker managed to take control of the projects’ BSC contracts by exploiting ChainSwap. The attacker minted tokens directly to their address, then sold them on BSC’s most popular decentralized exchange, PancakeSwap." "[T]he attacker used the PancakeSwap exchange to convert the stolen tokens to WBNB, DAI, and other tokens."

"The attacker was able to mint an additional 500,000 $NORD on BSC and market sold on pancake swap for $101,922 BUSD. This resulted in $NORD price reaching $0.04 on PCS." "The attacker took control of nearly 334,894.720 $NORD on the Ethereum mainnet and sold Uniswap for $325,641 DAI. This resulted in $NORD price reaching $0.788 on Uniswap and other ERC based CEX."

"At block 9042300 to 9042306 on @BinanceChain, an attacker took control of the $NORD BSC contract due to a critical vulnerability in the @chain_swap Protocol. Based on our initial analysis, the @chain_swap vulnerability enabled 500,000 $NORD to be minted directly to the attacker’s address from a factory root address (‘0x0000…’)." "This first minting transaction of 10,000 $NORD was confirmed on Jul-10–2021 at 07:18:45 PM and 50 subsequent minting transactions totaling 500,000 $NORD."

"Following the minting process, the attacker proceeded to the market and sold 500,000 $NORD on PCS in exchange for $101,922 BUSD. This resulted in removing nearly all BNB liquidity from the $NORD/BUSD liquidity pool and causing the price to reach $0.04."

"The attacker was able to empty the @chain_swap Bridge Contract on the Ethereum main net, withdrawing nearly 330,000 $NORD. Token acquisition started at this transaction and continued for three more transactions. In a series of nine transactions starting at block 12801662 on Ethereum, the attacker sold a total of 334,894.720 $NORD."

"NORD Finance systems, Smart Contracts, and savings protocol remain unaffected, each of which has been audited by Zokyo and Quillhash. $NORD trading continued on Uniswap, Kucion, Ascendex, Dfyn, and gate_io and as the attacker minted additional tokens and sold on PCS , the BSC contract and bridge was paused by the Chainswap team. The Chainswap hack incident impacted 20 projects, and Unfortunately, NORD finance was the most affected by this attack on both BSC and ETH sides."

"Nord Finance team working around the clock to ensure all our users and stakeholders are involved in this incident. We respect the NORD Finance community for your patience and support throughout these challenging times. We believe the best foot forward is by being transparent about the issue and implementing a thorough compensation plan to set things right."

"Chainswap said it had already repurchased a small amount of the affected tokens from the market and returned the contract wallet. The rest will be paid out in full by the Chainswap vault." "ChainSwap team has now prepared and executed a compensation plan in consensus with the affected projects." "In order to bring everybody a more rigorous, efficient bridge, the next development model of ChainSwap will be adjusted to ensure maximum safety."

"For now, Chainswap has temporarily closed its cross-chain bridge." "ChainSwap worked with the police and OKEx to identify the attackers, and managed to negotiate the recovery of Corra and Rai tokens. An initial email with the attackers suggested the attackers return $1 million."

“Sorry for the trouble, you sound genuinely like great people but money is money,” the attackers of the earlier exploit told ChainSwap.

"All the $NORD holders who didn’t do anything but held during the pre/post-incident are eligible for a 100% fully unlocked $NORD token on Polygon side on their same address." "On BSC, few long-term holders panic-sold their Tokens, and we are planning to compensate the $NORD in exchange for the BUSD they bought. This applies only to Holders who held the $NORD token minimum four weeks before the hack (Arbitrage bots and smart contract sells are excluded). We will announce the details after verification of snapshots."

"BSC-NORD Staking holders’ snapshots along with rewards are taken before the hack and will be migrated to Polygon Staking with the 100% $NORD balances along with the rewards earned. Excluding those who bought after the hack and staked." "BSC CAKE-LP holders’ snapshots along with rewards are taken before the hack and will be compensated with a new LP token with the same ratio as before the hack. All BUSD and NORD Balances before the hack have been taken and compensated 100% in values."

"For now, BSC Bridges are still vulnerable and we will be migrating our BSC LPs to Polygon-DFYN LPs, as it will add additional liquidity along with DFYN rewards with a present APY of 446%. A detailed migration plan will be posted soon for LP holders."

"Market selling off newly minted 500,000 $NORD on Pancake Swap, which caused the price to reach as low as $0.04. We feel it is an unfair advantage for the buyers on the BSC side, as the token supply increased 2.5 times than the original supply on BSC." "At the same time, we also acknowledge that few users might see this as an opportunity to buy cheap, which is their own decision." "Present snapshot details are overwhelmed with many TXs including few from smart contracts and bots. Please fill out a form for us to analyse the impact of $NORD Pancake transactions after the hack." "This form is made for the sole purpose of analysing the situation at hand and NORD Finance is not committing any form of compensation plan for the user who traded after the hack, which comes under their own risk management."

"We are creating a BUYBACK fund of 100K USDT from our Ethereum liquidity. We will be using it to buy back slowly and keep it in a separate wallet. What will be done with this fund will be decided later."

"Our initial estimated tokens to be newly airdropped for the holders as per above is approximately 370–380K $NORD tokens. We are in the final stage of estimating the total number $NORD Tokens to be airdropped. An exact value will be posted soon in the same article and updated with our community on our telegram channel. We have decided to cut down these additional tokens from Team, Advisory, and Foundation allocations and airdrop genuine users who got affected on the BSC side."

"We are also updating our tokenomics with extended vesting for Team, Advisory, and Foundation. Team and advisory token vesting will be changed from 18 months to 3-years. Foundation token vesting will be altered from 2-years to 3 years. Ecosystem and Rewards vesting will be altered and extend to 5 years of vesting. This will allow for smoother compensation of additional inflation that was caused due to the ChainSwap incident."

"ChainSwap is excited to announce that we have successfully integrated with Anyswap and Chainswap bridge is now live. We thank our community for its patience during the last few weeks."

Nord Finance is a robo advisor to help investors create diversified portfolios more easily. Their token used ChainSwap to exist on multiple blockchains, which required some funds to be stored in the smart contract hot wallet.

The ChainSwap bridge was hacked, and the attacker was able to obtain many tokens, which were sold. The Nord Finance team created a new smart contract and swapped old tokens for new tokens, and ran a series of other compensation measures for other affected users, plus a buy-back to increase the price.

HOW COULD THIS HAVE BEEN PREVENTED?

Theoretically, decentralized finance will eventually result in hackers having exploited every vulnerability that exists. However, it's impossible to know when that will occur and if a contract is truly secure, as opposed to there still being an exploit that just hasn't been noticed yet. For any complex smart contract, it's impossible to prove security and plenty of fully audited contracts have been exploited.

In this situation, it looks like it will be ultimately reimbursed. Platforms should, generally, be prepared for the full loss of all assets stored in hot wallets (including smart contracts). Assets that do not need to be accessed quickly should be stored securely in a simple offline multi-signature wallet.

Check Our Framework For Safe Secure Exchange Platforms

Chainswap Black Sunday, over 20 DEFI projects were stolen - 律动BlockBeats (Aug 24)
ChainSwap Exploit 11 July 2021 Post-Mortem | by ChainSwap | Medium (Aug 24)
MappableToken | 0x06c24002f43e3AF904EeEc581734EA3A7DbF355E (Aug 24)
ChainSwap Exploit Leads to Multi-Million Loss For DeFi Tokens - Decrypt (Aug 24)
@chain_swap Twitter (Aug 24)
Explained: The ChainSwap Hack (July 2021) - Halborn (Aug 24)
$8 Million Lost in Major ChainSwap Exploit | Crypto Briefing (Aug 24)
ChainSwap re-launch, we are live. ChainSwap is excited to announce that… | by ChainSwap | Medium (Aug 29)
Rekt - ChainSwap - REKT (Aug 29)
blocksec-incidents/2021.md at main · openblocksec/blocksec-incidents · GitHub (Aug 11)
Nord Finance (Sep 17)
How Dose Nord Advisory Works (Sep 21)
Chainswap Hack Transparency Update 2 (Sep 21)
Chainswap Hack Transparency Update (Sep 21)
Binance Transaction Hash (Txhash) Details | BscScan (Sep 21)
$2.11 | Nord Token (NORD) Token Tracker | Etherscan (Sep 21)
Address 0xEda5066780dE29D00dfb54581A707ef6F52D8113 | Etherscan (Sep 21)
Address 0xeda5066780de29d00dfb54581a707ef6f52d8113 | BscScan (Sep 21)
User Guide To Mint Nord Bep2o With The Chain Swap Binance Smart Chain Bridge (Sep 21)
Nord Finance NORD: Listing on Chain Swap — Coindar (Sep 21)
What is Nord Finance and the NORD Token? - Ivan on Tech Academy (Sep 21)
@Nord_Finance Twitter (Sep 21)
@Nord_Finance Twitter (Sep 21)
@Nord_Finance Twitter (Sep 21)
@Nord_Finance Twitter (Sep 21)
@Nord_Finance Twitter (Sep 21)
@Nord_Finance Twitter (Sep 21)
@Nord_Finance Twitter (Sep 21)
Nord Finance price, NORD chart, market cap, and info | CoinGecko (Sep 21)
Chainswap Post Mortem Deep Dive Into The Exploit (May 7)
Random Numbers Don’t Lie: A Closer Technical Look into Recent DeFi Hacks (May 7)

More case studies

AnySwap ECDSA
Exploit

DeFiPie Nested
Borrows