Nord Finance ChainSwap Breach

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Nord Finance

Nord Finance is a robo advisor to help investors create diversified portfolios more easily. Their token used ChainSwap to exist on multiple blockchains, which required some funds to be stored in the smart contract hot wallet.

The ChainSwap bridge was hacked, and the attacker was able to obtain many tokens, which were sold. The Nord Finance team created a new smart contract and swapped old tokens for new tokens, and ran a series of other compensation measures for other affected users, plus a buy-back to increase the price.

This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31]

About Nord Finance

"Nord Finance is an advanced decentralized financial ecosystem focusing on simplifying decentralized finance products."

"Nord Finance, a DeFi application, is a multi-chain interoperable platform that combines traditional finance features into the DeFi network in an effort to make DeFi investments more accessible and convenient for users. From yield-farming aggregation, fund management, robo-advisory to loans on assets, Nord offers a host of financial services through its 4 key products — Nord.Savings, Nord.Advisory, Nord.Loans and Nord.Swap."

"Thanks to Nord.Advisory, investors can ensure that their investment portfolio is in line with their financial goals despite market movements. And as a cherry on top, Nord.Advisory also allows users to personally define their risk profile, helping them understand the risk they will need to take to achieve their financial goals. Investors, especially beginners, can achieve a perfect balance between risk and rewards."

"Nord boasts cross-chain interoperability and can be used in conjunction with many different blockchains. This includes a recent integration with Binance Smart Chain. The Nord products on offer will include over-collateralized loans, savings, advisory services, token swaps, and asset management services. Nord Finance is an innovative, exciting new decentralized finance (DeFi) protocol bringing additional utility to stablecoins."

"Nord Finance in association with Anti Matter is proud to unveil that we have listed on chainswap.exchange to allow NORD Token holders to seamlessly bridge their $NORD tokens over to the Binance Smart Chain BEP20 standard."

"ChainSwap is a bridge protocol that links the Ethereum and Binance Smart Chain (BSC) blockchains." "It supports Binance Smart Chain, Ethereum, Polygon, and Huobi Eco Chain." "The ChainSwap hacker identified and exploited a vulnerability in the ChainSwap smart contract. This vulnerability enabled them to steal and mint new tokens for various protocols that were using the bridge to trade across Ethereum and BSC."

Investigation by ChainSwap revealed "a bug in the token cross-chain quota code. The on-chain swap bridge quota is automatically increased by the signature node, which is intended to be more decentralized without manual control. However, due to a logical flaw in code, this led to an exploit by allowing invalid addresses which weren’t whitelisted to automatically increase the amount."

"The attacker managed to take control of the projects’ BSC contracts by exploiting ChainSwap. The attacker minted tokens directly to their address, then sold them on BSC’s most popular decentralized exchange, PancakeSwap." "[T]he attacker used the PancakeSwap exchange to convert the stolen tokens to WBNB, DAI, and other tokens."

"The attacker was able to mint an additional 500,000 $NORD on BSC and market sold on pancake swap for $101,922 BUSD. This resulted in $NORD price reaching $0.04 on PCS." "The attacker took control of nearly 334,894.720 $NORD on the Ethereum mainnet and sold Uniswap for $325,641 DAI. This resulted in $NORD price reaching $0.788 on Uniswap and other ERC based CEX."

"At block 9042300 to 9042306 on @BinanceChain, an attacker took control of the $NORD BSC contract due to a critical vulnerability in the @chain_swap Protocol. Based on our initial analysis, the @chain_swap vulnerability enabled 500,000 $NORD to be minted directly to the attacker’s address from a factory root address (‘0x0000…’)." "This first minting transaction of 10,000 $NORD was confirmed on Jul-10–2021 at 07:18:45 PM and 50 subsequent minting transactions totaling 500,000 $NORD."

"Following the minting process, the attacker proceeded to the market and sold 500,000 $NORD on PCS in exchange for $101,922 BUSD. This resulted in removing nearly all BNB liquidity from the $NORD/BUSD liquidity pool and causing the price to reach $0.04."

"The attacker was able to empty the @chain_swap Bridge Contract on the Ethereum main net, withdrawing nearly 330,000 $NORD. Token acquisition started at this transaction and continued for three more transactions. In a series of nine transactions starting at block 12801662 on Ethereum, the attacker sold a total of 334,894.720 $NORD."

"NORD Finance systems, Smart Contracts, and savings protocol remain unaffected, each of which has been audited by Zokyo and Quillhash. $NORD trading continued on Uniswap, Kucion, Ascendex, Dfyn, and gate_io and as the attacker minted additional tokens and sold on PCS , the BSC contract and bridge was paused by the Chainswap team. The Chainswap hack incident impacted 20 projects, and Unfortunately, NORD finance was the most affected by this attack on both BSC and ETH sides."

"Nord Finance team working around the clock to ensure all our users and stakeholders are involved in this incident. We respect the NORD Finance community for your patience and support throughout these challenging times. We believe the best foot forward is by being transparent about the issue and implementing a thorough compensation plan to set things right."

"Chainswap said it had already repurchased a small amount of the affected tokens from the market and returned the contract wallet. The rest will be paid out in full by the Chainswap vault." "ChainSwap team has now prepared and executed a compensation plan in consensus with the affected projects." "In order to bring everybody a more rigorous, efficient bridge, the next development model of ChainSwap will be adjusted to ensure maximum safety."

"For now, Chainswap has temporarily closed its cross-chain bridge." "ChainSwap worked with the police and OKEx to identify the attackers, and managed to negotiate the recovery of Corra and Rai tokens. An initial email with the attackers suggested the attackers return $1 million."

“Sorry for the trouble, you sound genuinely like great people but money is money,” the attackers of the earlier exploit told ChainSwap.

"All the $NORD holders who didn’t do anything but held during the pre/post-incident are eligible for a 100% fully unlocked $NORD token on Polygon side on their same address." "On BSC, few long-term holders panic-sold their Tokens, and we are planning to compensate the $NORD in exchange for the BUSD they bought. This applies only to Holders who held the $NORD token minimum four weeks before the hack (Arbitrage bots and smart contract sells are excluded). We will announce the details after verification of snapshots."

"BSC-NORD Staking holders’ snapshots along with rewards are taken before the hack and will be migrated to Polygon Staking with the 100% $NORD balances along with the rewards earned. Excluding those who bought after the hack and staked." "BSC CAKE-LP holders’ snapshots along with rewards are taken before the hack and will be compensated with a new LP token with the same ratio as before the hack. All BUSD and NORD Balances before the hack have been taken and compensated 100% in values."

"For now, BSC Bridges are still vulnerable and we will be migrating our BSC LPs to Polygon-DFYN LPs, as it will add additional liquidity along with DFYN rewards with a present APY of 446%. A detailed migration plan will be posted soon for LP holders."

"Market selling off newly minted 500,000 $NORD on Pancake Swap, which caused the price to reach as low as $0.04. We feel it is an unfair advantage for the buyers on the BSC side, as the token supply increased 2.5 times than the original supply on BSC." "At the same time, we also acknowledge that few users might see this as an opportunity to buy cheap, which is their own decision." "Present snapshot details are overwhelmed with many TXs including few from smart contracts and bots. Please fill out a form for us to analyse the impact of $NORD Pancake transactions after the hack." "This form is made for the sole purpose of analysing the situation at hand and NORD Finance is not committing any form of compensation plan for the user who traded after the hack, which comes under their own risk management."

"We are creating a BUYBACK fund of 100K USDT from our Ethereum liquidity. We will be using it to buy back slowly and keep it in a separate wallet. What will be done with this fund will be decided later."

"Our initial estimated tokens to be newly airdropped for the holders as per above is approximately 370–380K $NORD tokens. We are in the final stage of estimating the total number $NORD Tokens to be airdropped. An exact value will be posted soon in the same article and updated with our community on our telegram channel. We have decided to cut down these additional tokens from Team, Advisory, and Foundation allocations and airdrop genuine users who got affected on the BSC side."

"We are also updating our tokenomics with extended vesting for Team, Advisory, and Foundation. Team and advisory token vesting will be changed from 18 months to 3-years. Foundation token vesting will be altered from 2-years to 3 years. Ecosystem and Rewards vesting will be altered and extend to 5 years of vesting. This will allow for smoother compensation of additional inflation that was caused due to the ChainSwap incident."

"ChainSwap is excited to announce that we have successfully integrated with Anyswap and Chainswap bridge is now live. We thank our community for its patience during the last few weeks."

This is a global/international case not involving a specific country.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Nord Finance ChainSwap Breach
Date Event Description
July 11th, 2021 Main Event Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost has been estimated at $1,135,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

General Prevention Policies

Theoretically, decentralized finance will eventually result in hackers having exploited every vulnerability that exists. However, it's impossible to know when that will occur and if a contract is truly secure, as opposed to there still being an exploit that just hasn't been noticed yet. For any complex smart contract, it's impossible to prove security and plenty of fully audited contracts have been exploited.

In this situation, it looks like it will be ultimately reimbursed. Platforms should, generally, be prepared for the full loss of all assets stored in hot wallets (including smart contracts). Assets that do not need to be accessed quickly should be stored securely in a simple offline multi-signature wallet.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Chainswap Black Sunday, over 20 DEFI projects were stolen - 律动BlockBeats (Aug 24, 2021)
  2. ChainSwap Exploit 11 July 2021 Post-Mortem | by ChainSwap | Medium (Aug 24, 2021)
  3. MappableToken | 0x06c24002f43e3AF904EeEc581734EA3A7DbF355E (Aug 24, 2021)
  4. ChainSwap Exploit Leads to Multi-Million Loss For DeFi Tokens - Decrypt (Aug 24, 2021)
  5. @chain_swap Twitter (Aug 24, 2021)
  6. Explained: The ChainSwap Hack (July 2021) - Halborn (Aug 24, 2021)
  7. $8 Million Lost in Major ChainSwap Exploit | Crypto Briefing (Aug 24, 2021)
  8. ChainSwap re-launch, we are live. ChainSwap is excited to announce that… | by ChainSwap | Medium (Aug 29, 2021)
  9. Rekt - ChainSwap - REKT (Aug 29, 2021)
  10. blocksec-incidents/2021.md at main · openblocksec/blocksec-incidents · GitHub (Aug 11, 2021)
  11. Nord Finance (Sep 17, 2021)
  12. How Dose Nord Advisory Works (Sep 21, 2021)
  13. Chainswap Hack Transparency Update 2 (Sep 21, 2021)
  14. Chainswap Hack Transparency Update (Sep 21, 2021)
  15. Binance Transaction Hash (Txhash) Details | BscScan (Sep 21, 2021)
  16. $2.11 | Nord Token (NORD) Token Tracker | Etherscan (Sep 21, 2021)
  17. Address 0xEda5066780dE29D00dfb54581A707ef6F52D8113 | Etherscan (Sep 21, 2021)
  18. Address 0xeda5066780de29d00dfb54581a707ef6f52d8113 | BscScan (Sep 21, 2021)
  19. User Guide To Mint Nord Bep2o With The Chain Swap Binance Smart Chain Bridge (Sep 21, 2021)
  20. Nord Finance NORD: Listing on Chain Swap — Coindar (Sep 21, 2021)
  21. What is Nord Finance and the NORD Token? - Ivan on Tech Academy (Sep 21, 2021)
  22. @Nord_Finance Twitter (Sep 21, 2021)
  23. @Nord_Finance Twitter (Sep 21, 2021)
  24. @Nord_Finance Twitter (Sep 21, 2021)
  25. @Nord_Finance Twitter (Sep 21, 2021)
  26. @Nord_Finance Twitter (Sep 21, 2021)
  27. @Nord_Finance Twitter (Sep 21, 2021)
  28. @Nord_Finance Twitter (Sep 21, 2021)
  29. Nord Finance price, NORD chart, market cap, and info | CoinGecko (Sep 21, 2021)
  30. Chainswap Post Mortem Deep Dive Into The Exploit (May 7, 2022)
  31. Random Numbers Don’t Lie: A Closer Technical Look into Recent DeFi Hacks (May 7, 2022)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Nord_Finance_ChainSwap_Breach&oldid=4139"