Multichain clients ended up losing over $3 million this week due to a security flaw in 6 coins. Although a white hat hacker refunded 322 ETH, over 527 ETH is still being targeted.
Hacker Returning 322 ETH but Collects a Huge Finders Charge
One of the Multichain hackers who recently attacked Multichain refunded 322 ETH worth about $974K to the cross-chain router protocol and an impacted customer in a spectacular turnaround.
Meanwhile, that Multichain hacker pocketed 62 ETH (worth about $187K) as a “bug bounty,” and 528 ETH (with a valuation of about $1.6 million) is still owed as a result of the flaws. OMT, WETH, MATIC, PERI, AVAX, and WBNB tokens were all affected by a security flaw with Multichain at the beginning of this week, resulting in the theft of $1.43M. According to Multichain, the severe weakness had been documented and rectified, who publicized it on 17th January.
However, as word of the weakness spread, many separate hackers swooped in, stealing over $3M in cash. The 6 tokens’ severe weakness remains, but Multichain has taken $44.5 million from several chain bridges to secure them.
A hacker that goes by the moniker “white hat” has been in contact with Multichain and a customer that lost $960K in the last day or two, negotiating a payback of 80 percent of the cash in exchange for a substantial finder’s reward.
During a protective hacking move, the hacker stated they’d been protecting the remainder of the Multichain customers that were being pursued by bots, based on a Twitter post made by Tal Be’ery, the co-founder of ZenGo wallet.
The money was repaid in four separate trades. The attacker repaid 269 ETH (about $813K) to the individual he took it from with just 2 transactions on 20th January and pocketed a bug bounty of 50 ETH ($150K). The relieved user replied to the hacker, thanking him for refunding the stolen token. The hacker also pocketed a bug bounty of 12 ETH (about $36K) and gave back 50 ETH (about $150K) to the authorized Multichain account in just two transactions overnight.
Multichain
The goal of Multichain (previously Anyswap) is to be the “ultimate Web3 router. BTC, ETH, AVAX, LTC, LUNA, and FTM are among the thirty chains currently supported by the platform. Zhaojun, Multichain’s Co-Founder and CEO, admitted in a Twitter post on 20th January that Multichain bridge contracts require a stop functionality in the future to cope with such events. The venture has been approached for comments by Cointelegraph.