Cointelegraph Team
Cointelegraph
Owing to a security vulnerability in six tokens, Multichain users lost more than $3M over the week. A white hat hacker returned 322 ETH, but in excess of 527 ETH is still exploited.
In a dramatic twist, one of this week’s Multichain hackers has returned 322 ETH ($974,000 at the time of writing) to the cross-chain router protocol and one of the affected users.
However the hacker kept 62 ETH ($187,000) as a “bug bounty”, and a total of 528 ETH (worth $1.6M) remains outstanding after the exploits.
Earlier this week, news emerged of a security vulnerability with Multichain relating to the tokens WETH, PERI, OMT, WBNB, MATIC, and AVAX, and $1.43 million was stolen. Multichain announced on Jan. 17 the critical vulnerability had been “reported and fixed.”
However, publicity about the vulnerability reportedly encouraged a number of different attackers to swoop in, and more than $3 million in funds were stolen. The critical vulnerability in the six tokens still exists, but Multichain has drained around $44.5m of funds from multiple chain bridges to protect them.
Yeah, bridge contract need pause function. https://t.co/lPjLsE5EtR
— Zhaojun (@zhaojun_sh) January 20, 2022
One of the hackers, calling himself a "white hat" has been in communication with both Multichain and a user who lost $960,000 in the past day or so, to negotiate returning 80% of the money in return for a hefty finders fee.
According to a Jan. 20 tweet from ZenGo wallet co-founder Tal Be’ery, the hacker claimed they hadbeen “saving the rest” of the Multichain users who were being targeted by bots, in an act of defensive hacking.
The funds were returned across four transactions. On Jan. 20 the hacker returned 269 ETH ($813,000) in two transactions directly to the user he stole it from and kept a bug bounty of 50 ETH ($150,000).
The relieved user responded to the hacker:
Well received, thank you for your honesty.
Overnight, the hacker also returned 50 ETH ($150,000) across two transactions to the official Multichain address, and kept a bug bounty of 12 ETH ($36,000).
Multichain (formerly Anyswap) aims to be the “ultimate router for Web3.” The platform supports 30 chains at the moment, including Bitcoin (BTC), Ethereum (ETH), Avalanche (AVAX), Litecoin (LTC), Terra (LUNA), and Fantom (FTM).
In a tweet on Jan. 20, the Co-Founder and CEO of Multichain Zhaojun conceded that Multichain bridge contracts need a pause function to deal with similar incidents in future.
Cointelegraph has contacted the project for comment.
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers.
Recommended Content
Editors’ Picks
Google, Apple could remove Binance from their app store on Philippines SEC request
The Philippines SEC has requested Google and Apple to remove applications controlled by Binance from their App stores. The exchange’s Philippines-based users are finding the exchange inaccessible to remove their funds.
XRP rallies as Ripple slams SEC for penalties, asks regulator to establish likelihood of future violations
Ripple filed its response to the SEC lawsuit on Monday, arguing that XRP institutional sales before and after the court ruling show no disregard for the law. The firm asks for a civil penalty of no more than $10 million against the $2 billion requested by the SEC.
Here’s why Ondo price hit new ATH amid bearish market outlook Premium
Ondo price shows no signs of slowing down after setting up an all-time high (ATH) at $1.05 on March 31. This development is likely to be followed by a correction and ATH but not necessarily in that order.
PENDLE price soars 10% after Arthur Hayes’ optimism on Pendle derivative exchange
Pendle price is among the top performers in the cryptocurrency market today, posting double-digit gains. Its peers in the altcoin space are not as forthcoming even as the market enjoys bullish sentiment inspired by Bitcoin (BTC) price.
Bitcoin: BTC post-halving rally could be partially priced in Premium
Bitcoin (BTC) price briefly slipped below the $60,000 level for the last three days, attracting buyers in this area as the fourth BTC halving is due in a few hours. Is the halving priced in for Bitcoin? Or will the pioneer crypto note more gains in the coming days?