Posted on January 20, 2022 at 5:55 PM
A vulnerability in MultiChain protocol allowed threat actors to exploit the platform for $1.5 million. ZenGo co-founder Tal Be’ery stated that the exploitation of the on-chain protocol has cost the protocol nearly $3 million.
Multiple blockchain wallets are exploiting the vulnerability in the protocol, as one of the hackers, who claimed to be a white-hat hacker, offered to return 80% of the $200,000 he took from the protocol.
The hacker, who claimed to be a white hacker, said he only stole $200,000 from the protocol. “whitehat here, send me the tx you lost your weth, I give 80% back,” the hacker added.
The Bug Was Fixed But Still Affected Previous Users
The hacker said they will keep the remaining 20% of the $200,000 for keeping the funds safe. MulriChain has responded to the hacker’s message, providing an address they should send the funds to and hoping that the hackers return the fund to the address specified in the message.
It’s not clear whether the same hacker was responsible for other hacking incidences on the MultiChain platform.
Be’ery was asked if the hacker might be the owner of the wallet that stole $1.5 million during the exploit. He replied by saying that it could be possible but “cannot really know.”
Multichain is a cross-chain protocol for swapping protocols across blockchains. The platform revealed that there was a bug in the protocol on January 17. The project stated that the vulnerability affected six tokens, including wrapped ether (WETH). Although the protocol said the bug has been fixed, it still affected previous users.
A User Who Lost $1 Million Offers 50 ETH To The Hacker To Return The Fund
MultiChain stated that anyone who has used the protocol in the past should try to keep their funds safe from the specific attack by revoking permissions to the application. Even after Multichain had warned users, many of them could not heed the advice, and eventually fell prey to the attackers’ exploits.
However, the MultiChain team had sent out a message to the original address through a message in a blockchain transaction. According to the message, the project is offering a bounty for exploits on the platform. This implies that there is a reward for the hacker if they return the stolen funds. So far, no one has responded directly to the message.
One user claimed he lost almost $1 million due to the exploit. The user has offered the hacker that stole the funds 50 ETH ($150,500) as a tip if he returns the rest.
Affected Users Advised To Withdraw Their Approvals
The MultiChain platform was created in July 2020 to address the clear need for diverse and distinct blockchains to communicate with one another. Each blockchain has its development system and community, as well as its set of services. The platform was created out of the need for a reliable, economical, secure, and rapid system to exchange data. It also helps to ensure control between industry chains to advance to the next level of consumers.
The protocol said the identified bug is critical for the experienced users who have approved the six tokens (WBNB, AVAX, OMT, MARIC, PERI, and WETH. The MultiChain team has advised the affected individuals to immediately withdraw their approvals before sending any of the 6 tokens back to their wallets.
If they delay any further, the six tokens in their address could be at high risk, and the danger will only be cleared if the approvals are revoked. While the old contracts with the bug have been discarded, the new contracts with the issue resolved will be published and launched later, according to the MultiChain team.
Investors Cautioned As Crypto Heist Increases
The cryptocurrency market has seen increased interest from both investors and hackers who are looking for avenues to steal people’s funds.
Cybersecurity researchers have warned investors to be cautious in the market, especially when it comes to investing in new cryptocurrency projects. Threat actors are always looking for avenues to steal funds from vulnerable cryptocurrency ventures.
In some cases, the hackers exploit a vulnerability in the protocol (as is the case with the MultiChian hack) while in other cases, the project creators are the perpetrators of the exploitation. They take funds from the pool of investors by exploiting its coding and suddenly leaving the project through a method known as rug pulling. As a web3 Ultimate Router, MultiChain is a system designed to enable arbitrary cross-chain transactions.