Crosswise was exploited resulting in a loss of $879,000

On January 18, 2022, the Crosswise project on the BSC chain was attacked. Our security team stated that this attack was caused by the fact that the setTrustedForwarder function did not impose permission restrictions, and a special judgment was written in the function _msg.

Crosswise has informed followers on the telegram “ dear Community, it seems someone attacked our token about an hour ago, dumping the price drastically. We do not know precisely what happened and need some time to address it. Such an attack should not have been possible, and we need time to figure this out. So please do not trade the token for the moment.

Finally, the hacker changes theTrustedForwarder ownership by calling the setTrustedForwarder() function.

To extract funds from the protocol, the hackers exchanged 0.01WBNB to 3.71CRSS through a cross-exchange router.Next, the hacker deposited 1 CROSS to Crosswisefi Masterchef. Through the controlled network, hackers implemented a new tactic to withdraw 692KCRSS. The hackers then exchanged it for 547 WBNBs.

Initial funds are transferred and withdrawn from non-custodial Thor cash. The exchanges urge users to be patient as they resolve the issue.