Multichain is an open-source blockchain platform that helps organizations to build and deploy blockchain applications. Over the week, the platform users have lost more than $3 million owing to a security vulnerability. However, a twist came as a white-hat hacker returned 322 worth $974k Ethereum coins. The ETH coins were returned to the cross-chain router protocol and one of the affected users. Besides, the hacker kept 62 coins worth $187k as a bug bounty. However, more than 527 ETH worth nearly $1.6 million remains exploited.
Multichain faced a critical vulnerability
On Monday, Multichain announced that the platform faced a critical vulnerability, which had been reported and fixed. As the news emerged of the security vulnerability, it was also revealed that the users lost Wrapped Ethereum (wETH), Peri Finance (PERI), Mars Token (OMT), Wrapped Binance Coin (wBNB), Polygon (MATIC), and Avalanche (AVAX). Notably, the hackers laundered over 3 million in funds.
– Advertisement –
According to experts, the publicity of the vulnerability had encouraged several attackers to swoop in. The exploits in the six tokens still exist. However, the platform has drained more than $44.5 million worth of funds from multi-chain bridges to secure them.
A white-hat hacker negotiated
One of the malicious actors called himself a white hat hacker who communicated with the platform and a user who lost $960k worth of assets. In the past, he negotiated to return 80% of the funds in exchange for a hefty finder’s fee, which he took as a bug bounty.
Moreover, the hacker claimed that he was saving the rest of the users of the blockchain platform who were targeted by bots in the act of defensive hacking. Besides, it is also revealed that the funds were returned in four transactions. 269 ETH was returned to the user directly stolen from and kept 50 ETH as his reward. The users were happy and responded positively to the hacker’s honesty.
However, the hacker later returned 50 ETH coins while keeping only 12 ETH as a bug bounty.
How will the platform deal with such situations in the future?
Multichain, formerly known as Anyswap, focuses on becoming an ultimate router for the blockchain ecosystem. In the current scenario, the platform supports 30 chains, including Bitcoin, Ethereum, Litecoin, and Terra.
Following the exploit, Zhaojun, the co-founder and CEO of the project, conceded that the platform needed a pause function to deal with such incidents in the future.
Source: https://www.thecoinrepublic.com/2022/01/21/multichain-hackers-came-with-a-dramatic-twist/