$54 000 USD

JULY 2021




"Inspired by Uniswap and Sushiswap, SakeSwap aims to improve the design of AMM in terms of price curves and contributor rewards."


"The SAKE token has two functions, which are entitling SAKE holders to governance rights and a portion of the fees paid to the protocol. Eventually, SAKE holders will own the protocol. SAKE tokens can entitle liquidity providers and traders to continue earning the benefit of the protocol development, which means the early adopters will be significant stakeholders of SakeSwap. Meanwhile, SakeSwap involves tokenomics of deflation to support the token price from a structural perspective."


"Unlike SUSHI Token that has unlimited total volume, we set SAKE token a limited total volume to avoid dilution and maintain project sustainability." "Instead of arbitrators acquiring all the slippage in Uniswap, liquidity providers in SakeSwap are enabled to capture profits otherwise captured by arbitrageurs with virtual trading curves." "To make the yield farming as easy as possible for current Uniswap LP token holders, Uniswap LP token holders, as we have learned from Sushiswap, can start farming directly by staking their LP tokens into SakeSwap."


"SAKE Dev Fund is set up for project sustainability and project security audit. 6% of every SAKE distribution is set aside for future iterations and the implementation of governance proposals. All bills for security audit will also be paid by the fund."


"SakeSwap will focus on the development of the Asset Issuance Platform + Swap, positioning itself as coinlist + swap. The new feature, ILO (initial liquidity offerings), is an innovative fundraising method that creates AMM liquidity pools directly for projects and investors. With SakeSwap ILO, projects built on Ethereum and Polkadot will be able to easily raise and exchange capital in public and develop from 0 to 1 quickly. Currently, ILO is deployed on Ethereum. And the Polkadot deployment is on the future plan."


"ChainSwap provides the bridge between Ethereum and OKExChain for SAKE holders."


"ChainSwap is a bridge protocol that links the Ethereum and Binance Smart Chain (BSC) blockchains." "It supports Binance Smart Chain, Ethereum, Polygon, and Huobi Eco Chain." "The ChainSwap hacker identified and exploited a vulnerability in the ChainSwap smart contract. This vulnerability enabled them to steal and mint new tokens for various protocols that were using the bridge to trade across Ethereum and BSC."


"ChainSwap was attacked due to an exploit which resulted in around 1.42 m SAKE tokens, that were locked in ChainSwap’s contract, to be stolen on July 11th. There were over 20 projects involved in this hack."


Investigation by ChainSwap revealed "a bug in the token cross-chain quota code. The on-chain swap bridge quota is automatically increased by the signature node, which is intended to be more decentralized without manual control. However, due to a logical flaw in code, this led to an exploit by allowing invalid addresses which weren’t whitelisted to automatically increase the amount."


"The attacker managed to take control of the projects’ BSC contracts by exploiting ChainSwap. The attacker minted tokens directly to their address, then sold them on BSC’s most popular decentralized exchange, PancakeSwap." "[T]he attacker used the PancakeSwap exchange to convert the stolen tokens to WBNB, DAI, and other tokens."


"For now, Chainswap has temporarily closed its cross-chain bridge." "The related ChainSwap mapping token addresses are frozen to filter out the hackers accounts. Since the bridge supported by ChainSwap is not functional, the KIP20 SAKE can’t be converted to ERC20 SAKE now." "Trading of the SAKE on Ethereum and BSC were NOT impacted and continue to operate as normal."


"ChainSwap worked with the police and OKEx to identify the attackers, and managed to negotiate the recovery of Corra and Rai tokens. An initial email with the attackers suggested the attackers return $1 million."


“Sorry for the trouble, you sound genuinely like great people but money is money,” the attackers of the earlier exploit told ChainSwap.


"ChainSwap is excited to announce that we have successfully integrated with Anyswap and Chainswap bridge is now live. We thank our community for its patience during the last few weeks."


"There will be 2 Compensation Plans available for all KIP20 SAKE holders to choose. All users who hold the KIP20 SAKE, their relevant wallets will be eligible for the compensation plan and will receive ERC20 SAKE or ASAP tokens as compensation."


"Sake devs will donate ERC20 SAKE from a Dev Account to KIP20 SAKE holders impacted." "ChainSwap will [also] compensate with ASAP tokens to KIP20 SAKE holders impacted." "SAKE holders on OKExChain only need to transfer the KIP20 SAKE tokens to the corresponding burn address to claim."


"The 6 SAKE farming pools on OKExChain will end in block height 4373581 (Estimated Date: July 20th 2021). All unharvested SAKE tokens holders are also eligible for the Compensation Plan."


"All transaction records before 10th August will be executed on 10th August. Your corresponding amount of compensation will be calculated by the plan you choose and will be distributed to the wallet address that was used to transfer KIP20 SAKE to the black hole."


"ERC20 $SAKE tokens were distributed to the holders on #OKExChain as compensation. All compensations were operated based on on-chain transfer records of the black hole address."

SakeSwap is an automated market making service. Their token used ChainSwap to exist on multiple blockchains, which required some funds to be stored in the smart contract hot wallet.


The ChainSwap bridge was hacked, and the attacker was able to obtain the tokens, which were sold. SakeSwap and ChainSwap ran a joint token swap reimbursement for affected users.


Theoretically, decentralized finance will eventually result in hackers having exploited every vulnerability that exists. However, it's impossible to know when that will occur and if a contract is truly secure, as opposed to there still being an exploit that just hasn't been noticed yet. For any complex smart contract, it's impossible to prove security and plenty of fully audited contracts have been exploited.


In this situation, there was luckily not much taken, and it looks like it will be ultimately reimbursed. Platforms should, generally, be prepared for the full loss of all assets stored in hot wallets (including smart contracts). Assets that do not need to be accessed quickly should be stored securely in a simple offline multi-signature wallet.


Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.