Yesterday's emergency suspension of the SpaceSwap Bridge Service was caused by a major DeFi hacker attack. As a result of the attack, the SpaceSwap Bridge Service was affected. The attack was quickly stopped and the leakage of funds terminated. We would like to assure you that all users’ funds are safe and that all swaps sent to the Bridge prior to the attack will be processed manually within 48 hours. We have already launched an investigation into what happened. We also suspended the NFT STARS Bridge in order to avoid any possible attack, though no evidence of a hack was found.
Details of the attack
On January 3rd, we noticed a leakage of funds in the token Bridge Service on the SpaceSwap platform. The service was stopped to avoid further losses. However, due to the decrease in MILK2’s token price, we are receiving questions from the community.
After the July episode, when the main Bridge wallet was targeted, the application architecture was made more complex and upgraded. This time, the attack was conducted on the temporary wallets. We quickly discovered the final recipient of the funds and saw that this address had previously conducted several other hacker attacks:
https://bscscan.com/address/0xcdd37ada79f589c15bd4f8fd2083dc88e34a2af2#comments
https://etherscan.io/address/0xcdd37ada79f589c15bd4f8fd2083dc88e34a2af2#comments
We also noticed that at the time of the attack on SpaceSwap, there was a similar one happening with another wallet. One of the malicious addresses was draining stablecoins from another address using a similar scheme.
Our users’ funds were not compromised in any way — all the tokens that were sent to the Bridge at the moment of the attack have or will be sent to their owners.
Next steps
Firstly, we would like to assure everyone that we will be conducting the SpaceSwap native tokens buy-back worth a total of $50,000 in order to support the market price after the hackers’ immediate dump of the stolen tokens.
Secondly, we will be using the reserve fund to guarantee that all users who sent tokens to the bridge fully receive their assets.
And lastly, SpaceSwap has started conducting a major technical review of the Bridge Service in order to protect users from exploits like this. We have a hypothesis of what could have happened and it has nothing to do with the basic architecture and staff access — both of these were significantly changed as a result of the July exploit review.
All transactions that have not yet been processed by the Bridge will be finalized within 48 hours. Please feel free to contact our support team if you have any questions.
Once the investigation into the attack is complete, the SpaceSwap and NFT STARS Bridge services will be adjusted in accordance with the results of the inquiry so as to provide safe transactions in future. We will keep you informed about the ongoing work and provide you with regular updates about how the process is going.
Thank you for your understanding!
Website: https://spaceswap.app
Telegram: t.me/SpaceSwap
Twitter: https://twitter.com/spaceswapdefi
Blog: https://blog.spaceswap.app
Discord: https://discord.com/invite/4hvxZNWGHP
YouTube: https://www.youtube.com/c/SpaceSwap