Post Exploit Update

Crosswise Finance
5 min readJan 21, 2022

--

Most of this was posted in our Telegram and Discord groups. We are re-posting it here to ensure all community members are kept up to date.

Good Morning Crosswise Community,

As most of you will know Crosswise suffered a series of exploits starting on the 18th Jan 2022. We would like to give you an update and re-assure you that we are working on a solution to the situation.

We are as disappointed as you are. We are terribly sorry and will find a way to make it work for our community.

We now know how the attacker exploited our Masterchef contract. What is less clear is why that vulnerability was left unaddressed, and even ironed over. There are some indications that this may have been done with intent, and we will seek legal counsel on whether we need to report the case to law enforcement.

The situation is complex but as a consequence we have had to ask 4 of our developers to leave due to negligence, and perhaps malfeasance.

On a more positive note, not all is lost! We still have some funds left in treasury, innovative code, and a formidable community.

We don’t want to overpromise anything so please treat this as provisional information. However we fully intend to get back up and running. Frederic, myself and the rest of the team remain committed to this project, and we’re determined to see it to fruition.

We’re also happy to be able to say that we have already found several new team members that have impressed us with their overall ability and work ethic.

What we are doing now is preparing a snapshot of user’s holdings prior to the exploit, and deciding on entitlements.

Our aim is to ensure your holdings return to the same value as pre-exploit, whilst adjusting for subsequent buy sell behaviour. It will definitely not be possible to compensate the rewards post-exploit.

So going forward we will make sure that the snapshot / redeployment coins:

Same Value of LP Tokens stored, Same Price of CRSS, Same Amounts in Pools.

This will lead to no financial loss for any investor involved and also we will have the exact same status of the DAPP as before the exploit.

We may also offer some “dip buyers” partial compensation, but we have yet to ascertain the viability of such a scheme.

Given the nature of the exploit we need to re-evaluate the entire codebase for further vulnerabilities. We will also take this opportunity to further improve the code.

Once satisfied with the evaluation, we will finalise the audit with CertiK, and only then redeploy our contracts.

We can’t as yet give you a definitive timeframe, but currently estimate 2–3 months for us to complete these tasks including the Audit.

This includes a complete redesign of the DAPP & the implementation of new, essential features to improve the platform.

In the meantime, we would kindly as you not to buy or sell CRSS token, nor try to convert pre-sale tokens. The less movements there are the easier it will be to reconcile accurately. The token will be replaced and CRSS token bought this late after the exploit will definitely not be taken into account for compensation.

For the very latest updates, please join our Discord or Telegram groups, but we will also continue to post updates here and elsewhere online.

We thank you once again for your understanding and support through these difficult times!

Statement from Frederic Beeg, CEO:

I’m deeply saddened by the recent events and just wanted to reassure users:

  1. I have invested 700k USD from my own funds by funding the development of Crosswise throughout 6 months before the Presale and also during the Presale. Therefore for anyone thinking Im linked to it: stealing around 300k USD worth of funds from the project doesn’t make any sense at all.
  2. We still have a lot of funds in the Dev Wallet that will be used to reimburse users for the hack, re-rewrite the code & UI of the DAPP, get complete audits in place and ultimately redeploy the project and offer the platform we promised.
  3. We are taking snapshots before the hack & will mirror the amounts.
  4. We have fired 4 devs connected to the hack and seek legal counsel.
  5. Before we redeploy we will get audited twice.
  6. Our new DEVs are evaluating all code for potential issues.
  7. We will launch again, reimburse users and make Crosswise ultimately happen as I have imagined it: Being the Next-Gen, User-Friendly Cross-Chain DEX as promised to all investors and users. Be assured, it will happen. Now its time for us to recover and come up with a 100% secure, working protocol.

In the meantime, please give us some time to build up the Team again and fix all important issues.

Greetings,

Frederic

About Crosswise Finance

Next-gen cross-chain Decentralized Exchange (DEX) building a seamless DeFi user experience. Crosswise Finance bridges the gap between centralized and decentralized exchanges, bringing together the best of both worlds. Crosswise is committed to it’s community and brings back customer service and support to the DeFi space.

Disclaimer: This content is provided for informational purposes only, and should not be relied upon as legal, business, investment, or tax advice. You should consult your own advisers as to those matters. References to any securities or digital assets are for illustrative purposes only, and do not constitute an investment recommendation or offer to provide investment advisory services. Furthermore, this content is not directed at nor intended for use by any investors or prospective investors, and may not under any circumstances be relied upon when making investment decisions.

--

--

Crosswise Finance
Crosswise Finance

Written by Crosswise Finance

Next-gen multi-chain Decentralized Exchange building a seamless DeFi user experience. Crosswise bridges the gap between centralized and decentralized exchanges.