ChainSwap July 10–11, 2021 quota exploit
A logic flaw in ChainSwap's cross-chain quota code allowed non-whitelisted addresses to increase bridge quota and affect 20 bridged assets. ChainSwap reported a combined value of approximately $4 million and took the bridge offline.
Incident facts
- Incident title
- ChainSwap July 10–11, 2021 quota exploit
- Bridge
- ChainSwap
- Incident date
- 2021-07-10
- Incident type
- Exploit
- Major incident
- Yes
- Affected chains
- Ethereum, BNB Chain, Unknown
- Affected assets
- Unknown
- Attack category
- Smart Contract Bug
- Reported loss
- Approximately $4 million
- Recovery
- None
- Reimbursement
- In Progress
- Restart
- Reopened
- Current outcome
- Active After Incident
- Resolution
- Unresolved
- Last reviewed
- 2026-06-15
- Last verified
- 2026-06-15
Timeline events
Second July exploit affected 20 bridged assets2021-07-10
A quota-logic flaw was exploited across 20 bridged assets, after which ChainSwap took the bridge offline and froze mapping tokens.
ASAP token replacement and compensation plan documented2021-07-13
ChainSwap described issuing a replacement token, using a pre-exploit snapshot, and compensating affected projects and holders after the second exploit.
ChainSwap bridge relaunched2021-08-20
ChainSwap announced that the bridge was live again after the July incidents and remediation work.
Evidence records
- ChainSwap Exploit 11 July 2021 Post-MortemChainSwap · Tier 1 · 2021-07-12
- ASAP token important updateChainSwap · Tier 1 · 2021-07-13
- ChainSwap re-launch, we are liveChainSwap · Tier 1 · 2021-08-20
Known unknowns
- The incident crossed July 10–11 UTC in official descriptions.
- Final compensation completion requires later review.