In Brief:
- Crosswise decentralized exchange compromised by a hacker and lost $879 K.
- The hacker made possible attacks due to public exposure of a privileged function.
- The hacker withdrew from TornadoCash after swapping 692K CRSS to 547 WBNB.
Crosswise, a cross-chain decentralized exchange platform (DeX) suffered bug exploitation, which led to the loss of $879,000 from the platform.
Crosswise has informed followers on the telegram “ dear Community, it seems someone attacked our token about an hour ago, dumping the price drastically. We do not know precisely what happened and need some time to address it. Such an attack should not have been possible, and we need time to figure this out. So please do not trade the token for the moment.”
Blockchain security and data analytics company Peckshield has revealed details of the hack. As per the tweet, the hacker has used privileged functions to exploit codes. Then hacker has set a trusted forwarder and compromised owner privilege of crosswisefi MasterChef.
Lastly, the hacker has changed TrustedForwarder ownership by calling the setTrustedForwarder() function.
To withdraw funds from the protocol, the hacker swapped 0.01 WBNB to 3.71 CRSS through a Crosswise router. Next, the hacker deposited 1 CROSS to Crosswisefi Masterchef. With the controlled network, the hacker implemented a new strategy and withdrew 692K CRSS. then the hacker has swapped it with 547 WBNB.
The initial funds were transferred and withdrawn from the non-custodial TornadoCash. The exchanges urged users to keep patient while fixing this problem.
Recently, crypto exchange Crypto.com suffered a hack attempt and allegedly lost about $15M worth of crypto assets. The platform has now resumed user withdrawals and is expected to publish a detailed report on the event later.
Also read: Hacker Hijacks 30 Crypto YouTubers to Broadcast Giveaway Scam
