Hack Persists for Cross-Chain Protocol ‘Multichain’, Losses Reach $3 Million

January 22, 2022, 10:15 AM AEST - 3 months ago

The Multichain hack drama is far from over as hackers are still draining millions of tokens from the protocol, with the biggest victim reportedly losing roughly US$1 million.

Multichain Announcement Prompts Further Compromises

As per a January 17 blog post, Multichain – a cross-chain router protocol – announced it had been compromised by several hackers who exploited various vulnerabilities in the protocol, stealing over US$1 million from several tokens. But the protocol’s announcement backfired as it only prompted the hackers to steal more funds, raising the total amount to roughly US$3 million:

Security firm Dedaub spotted six cross-chain tokens in the protocol that are still subject to vulnerabilities: Wrapped ETH (wETH), Peri Finance Token (Peri), Official Mars Token (OMT), Wrapped BNB (wBNB), Polygon (MATIC), and Avalanche (AVAX).

Hacker Wants to Return Funds But ‘Keep Tips’

One of the hackers stole US$1.4 million in the first round of attacks, while another offered to return 80 percent of the funds while keeping the rest as “tips for me saving your money”. One user lost almost US$1 million in the hack, and decided to offer US$150,000 in ETH to the white hacker to retrieve his funds.

Multichain Sending Mixed Messages

What has Multichain users confused are the contradictory messages coming from the protocol’s Twitter account. On January 17, Multichain said that the critical vulnerabilities found in the six affected tokens had been “reported and fixed” by the team, but two days later it reminded users to revoke approvals of the tokens.

These mixed messages were spotted by Crypto Twitter figure ChainLinkGod, who said: “I can’t be the only one who’s incredibly confused by @MultichainOrg’s messaging here.”

Multichain has since turned off the comments on its Twitter account. Users in the company’s Telegram group are reporting that no vulnerability has yet been fixed, and that the company is not doing anything to reimburse affected users.

This is one of several DeFi hacks so far this month. Two weeks ago, Tinyman, an Algorand-based decentralised trading platform, was hacked and drained for roughly US$3 million.

Disclaimer: The content and views expressed in the articles are those of the original authors own and are not necessarily the views of Crypto News. We do actively check all our content for accuracy to help protect our readers. This article content and links to external third-parties is included for information and entertainment purposes. It is not financial advice. Please do your own research before participating.