TL;DR Breakdown
- White hat hackers hit Multichain protocol.
- The hack followed a report that users could be exploited; hackers then swamped the platform.
- A white-hat hacker broke in to ensure funds were kept safe.
A white-hat hacker has returned 259 Ethereum (around $900,000) after draining the coffers of Multichain users.
Multichain is a cross-chain router protocol that bridges users between thirty different blockchains, including Bitcoin, Ethereum, and Terra.
Users of the cross-chain protocol lashed out over an unsolved security vulnerability that appeared earlier this week and the platform’s failure to act. Later on, though, Multichain revealed that one white-hat hacker returned 259 ETH, worth approximately $813,000.
How the Multichain exploit began
Earlier this week, Multichain, a platform previously known as Anyswap that allows users to swap tokens between blockchains, announced in a blog post that users needed to remove smart contract approvals for six tokens that were vulnerable to hackers.
The announcement backfired and tipped off multiple hackers, who immediately started draining funds from the vulnerable accounts. As of Wednesday afternoon, hackers had stolen more than $3 million, according to Tal Be’ery, a cybersecurity researcher who has been tracking the hack since the beginning.
One of those hackers turned out to be a self-styled good guy, however, positioning their own $1.2 million theft from multiple victims as a defensive hack and offering to return most of the funds.
Negotiations happened on the blockchain itself, with the “white hat” hacker and victims, as well as the company itself, swapping messages in Ethereum transactions. A day later, the so-called white hat returned more than $800,000, according to a transaction on the blockchain spotted by Be’ery.
“Well received, thank you for your honesty,” one victim, who lost nearly $1 million in ether and offered a 50 ETH (roughly $150,000) tip, wrote in a blockchain message to the hacker.
In another blockchain message directed to Multichain, the hacker said that they would return other stolen funds—63 ETH, or roughly $189,000, with the hacker keeping a 12 ETH “tip”—and stop “saving the rest” of the money that’s in vulnerable accounts since most users have now disabled permissions.
Source: https://www.cryptopolitan.com/whitehat-hacker-hits-multichain-protocol/