Owing to a security vulnerability in six tokens, Multichain users lost more than $3M over the week. A white hat hacker returned 322 ETH, but in excess of 527 ETH is still exploited.

In a dramatic twist, one of this week’s Multichain hackers has returned 322 ETH ($974,000 at the time of writing) to the cross-chain router protocol and one of the affected users.

However the hacker kept 62 ETH ($187,000) as a “bug bounty”, and a total of 528 ETH (worth $1.6M) remains outstanding after the exploits.

Earlier this week, news emerged of a security vulnerability with Multichain relating to the tokens WETH, PERI, OMT, WBNB, MATIC, and AVAX, and $1.43 million was stolen. Multichain announced on Jan. 17 the critical vulnerability had been “reported and fixed.”

However, publicity about the vulnerability reportedly encouraged a number of different attackers to swoop in, and more than $3 million in funds were stolen. The critical vulnerability in the six tokens still exists, but Multichain has drained around $44.5m of funds from multiple chain bridges to protect them.

One of the hackers, calling himself a "white hat" has been in communication with both Multichain and a user who lost $960,000 in the past day or so, to negotiate returning 80% of the money in return for a hefty finders fee.

According to a Jan. 20 tweet from ZenGo wallet co-founder Tal Be’ery, the hacker claimed they hadbeen “saving the rest” of the Multichain users who were being targeted by bots, in an act of defensive hacking.

The funds were returned across four transactions. On Jan. 20 the hacker returned 269 ETH ($813,000) in two transactions directly to the user he stole it from and kept a bug bounty of 50 ETH ($150,000).

The relieved user responded to the hacker:

Well received, thank you for your honesty.

Overnight, the hacker also returned 50 ETH ($150,000) across two transactions to the official Multichain address, and kept a bug bounty of 12 ETH ($36,000).

Multichain (formerly Anyswap) aims to be the “ultimate router for Web3.” The platform supports 30 chains at the moment, including Bitcoin (BTC), Ethereum (ETH), Avalanche (AVAX), Litecoin (LTC), Terra (LUNA), and Fantom (FTM).

In a tweet on Jan. 20, the Co-Founder and CEO of Multichain Zhaojun conceded that Multichain bridge contracts need a pause function to deal with similar incidents in future.

Cointelegraph has contacted the project for comment.

Cryptos feed Join Telegram

Recommended content


Recommended Content

Editors’ Picks

Top 3 Price Prediction Bitcoin, Ethereum, Ripple: What’s next after cryptos meet stiff resistance

Top 3 Price Prediction Bitcoin, Ethereum, Ripple: What’s next after cryptos meet stiff resistance

Bitcoin price has shown incredible resilience after its massive crash in the second week of June. Since then BTC has produced considerable gains over the past week and the start of a new week brings the promise of even higher returns.

More Bitcoin News

All you need to know about Cardano’s Vasil hard fork and how ADA price will react

All you need to know about Cardano’s Vasil hard fork and how ADA price will react

Cardano price seems to be preparing for massive gains as Vasil hard fork takes one step closer to becoming a reality. In a recent Twitter thread, IOHK, the developers behind Cardano announced the launch of Cardano node 1.35.0 on June 25.

More Cardano News

Traders must watch out for this bull trap SafeMoon price is forming

Traders must watch out for this bull trap SafeMoon price is forming

SafeMoon (SFM) price looks promising today for a pop higher and a test of the technical moving average at around $0.000600000. With the current soft patch in global markets, tail risks are still very much present and could flare up at any moment.

More SafeMoon News

SEC vs. Ripple: Brad Garlinghouse announces expansion out of the US if outcome is unfavorable

SEC vs. Ripple: Brad Garlinghouse announces expansion out of the US if outcome is unfavorable

Brad Garlinghouse, CEO of Ripple, has affirmed a move outside the US if the payment giant loses the SEC vs. Ripple lawsuit. Ripple has been embroiled in a legal battle, defending its sale of XRP and the altcoin's position as a non-security since December 2020.

More Ripple News

Bitcoin: Everything you need to know about BTC 200-week MA

Bitcoin: Everything you need to know about BTC 200-week MA

Bitcoin price has gone through turbulent times over the last few months. From reaching a new all-time high to hitting yearly lows and revisiting levels since 2020, the crypto markets have been extremely volatile.

Read full analysis

BTC

ETH

XRP