Multichain, previously known as Anyswap, is a cross-chain router protocol, also known as CRP, that aims to become the ultimate bridge for web 3.0. The team publicly announced system vulnerabilities on Jan 17 that attracted the attention of many white-hat and black-hat hackers.
Lorenzo Franceschi-Bicchierai, a journalist at Vice, recently reported, “The hack against Multichain users keeps getting worse.” He added that “hackers have now stolen $3 million and counting, and victims complain that company is not giving them enough support in a chaotic Telegram channel.”
Multichain suffers attack on multiple tokens
On Jan 17, Multichain told its users to terminate approvals for six vulnerable tokens — wETH, PERI, OMT, WBNB, MATIC, and AVAX. The public announcement did more harm than good as many hackers arrived without invitation.
One hacker who exploited the vulnerability, who claimed to be a white-hat, offered to return 80% of the $1.4 million stolen Wrapped Ether (wETH) and keep the remaining assets as “tip for saving your money.” On the other hand, the lost fund total has reached $3 million and many users are complaining about Multichain’s less-than-satisfactory customer support.
Furthermore, one of Multichain’s Telegram group admins that goes by Mog, noted that the team had “migrated the funds long ago to maintain highest security.” But Tal Be’ery who is a cyber security researcher and the chief technology officer at ZenGo, said that Multichain picked the “the worst way to treat a vulnerability.”
Another user that goes by ChainLinkGod.eth 2.0 who has more than 131,000 followers, shared his confusion and about Multichain’s method of handling the situation on Twitter, saying, “I can’t be the only one who’s incredibly confused by @MultichainOrg’s messaging here.” He added, “Schrodinger‘s funds, both safe and unsafe at the same time.”
Multichain has more than $9.17 billion in total value locked (TVL), according to data by DeFi Llama at the time of press. The cross-chain protocol raised $60 million in a financing round at $1.2 billion led by Binance Labs and followed by many blockchain firms.
Disclaimer
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Source: https://beincrypto.com/multichain-token-vulnerabilities-hackers-swarm-steal-3m/