AVAX, Matic and Wrapped BNB and Ethereum Have Critical Vulnerability on Multichain, 450 ETH Stolen

article image

Arman Shirinyan

Security issues were noticed previously but, unfortunately for the protocol’s users, funds were stolen

Contents

  • The vulnerability
  • Hackers succeed

The previously reported vulnerability on Multichain’s Cross-Chain Router Protocol for tokens WETH, PERI, OMT, WBNB, MATIC and AVAX has been compromised by hackers currently using the vulnerability to attack users’ funds.

The warning was published by samczsun security and research analyst and PeckShield and Dedaub security firms. According to the tweet, the exploit is going on “right now.” The analyst has also suggested revoking approvals from the protocol until it is too late.

The vulnerability

Previously, the vulnerability was reported by the protocol itself with the help of blockchain security firm Dedaub. As the protocol’s team reported, the issue has been fixed, but at the same time, if users have ever approved any of the abovementioned tokens, the router had to remove all approvals as soon as possible.

If any of the contracts of the mentioned tokens have ever been approved by a user, he or she should revoke the approval on the protocol’s page.

Hackers succeed

As security firm PeckShield later reported, the hackers succeeded and stole approximately 450 ETH. All of the money is currently sitting in the “C3863c” address. The address has received all of the transactions in the past hour. Reportedly, around 400 users’ wallets have been compromised.

It is not yet clear whether the exploit took place due to the Multichain team’s inability to fix the issue or users’ unwillingness to follow the previously published instructions. Given the nature of the Ethereum network, it is more likely that funds have been lost and will never be returned, especially if hackers decide to use coin mixing applications.

At press time, the funds have not been moved from the hacker’s wallet.

Source: https://u.today/avax-matic-and-wrapped-bnb-and-ethereum-have-critical-vulnerability-on-multichain-450-eth-stolen