Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
Multichain users have lost over $3 million due to an unsolved security vulnerability that appeared in six supported tokens on Monday.
Hackers have continued to exploit a critical vulnerability in the cross-chain router protocol (CRP) Multichain that first appeared on Monday.
Earlier this week, Multichain urged users to revoke approvals for six tokens to protect their assets from being exploited by malicious individuals.
However, Multichain's announcement on Monday encouraged more hackers to try the exploit. One stole $1.43 million, another offered to return 80% while keeping the rest as a tip. According to Tal Beâery, the co-founder of the ZenGo wallet, the stolen amount has now risen to $3 million.
The @MultichainOrg hack is far from being over.
Over the last hours more than additional $1M stolen, rising the total stolen amount to $3M.
One victim lost $960K!https://t.co/fYhYxUojB8 pic.twitter.com/Gvh5hB6t6sâ Tal Be'ery (@TalBeerySec) January 19, 2022
Six supported tokens are still subject to the security vulnerability including Wrapped ETH (WETH), Peri Finance Token (PERI), Official Mars Token (OMT), Wrapped BNB (WBNB), Polygon (MATIC), and Avalanche (AVAX).
Users have accused the company on social media of not providing them with clear enough information or support regarding the situation. One user who lost $960k offered 50 ETH to the hackerâs address in return for the remaining funds.
The company claimed on Monday that the critical vulnerability affecting the six tokens had been reported and fixed on Monday, but on Wednesday it again reminded users to revoke approvals of the tokens. Multichain has since turned off the comments on its recent tweets.
Crypto Twitter figure ChainLinkGod said that he was âincredibly confusedâ by the platformâs message, while drarreg17 asked Multichain what it was going to do to âcompensate users like myself who were affected by the exploits?â
I canât be the only one whoâs incredibly confused by @MultichainOrgâs messaging here
Schrodingerâs funds, both safe and unsafe at the same time pic.twitter.com/AW8s8aAhHkâ ChainLinkGod.eth 2.0 (@ChainLinkGod) January 19, 2022
Related: Multichain asks users to revoke approvals amid âcritical vulnerabilityâ
Unhappy users posting in the companyâs Telegram group complained on Thursday that Multichain has not been able to resolve the security vulnerability yet, nor has it been able to provide its users with the support they seek.
Seems like @MultichainOrg reached out to the attackers offering them "bounty" (or in other words, actually paying ransom)https://t.co/DzUGUF3vX0 https://t.co/iKLh0HCBXG pic.twitter.com/yC3QEeiZhJ
â Tal Be'ery (@TalBeerySec) January 18, 2022
According to Beâery, the company reached out to the original address that has been holding over 450 ETH ($1.43 million) in stolen funds since Tuesday and offered the hacker or hackers a bug âbounty for exploits.â
Multichain (formerly Anyswap) envisions being the ultimate router for Web3. The ecosystem supports 30 chains, including Bitcoin (BTC), Avalanche (AVAX), Ethereum (ETH), Fantom (FTM), Litecoin (LTC), and Terra (LUNA), and offers no-slippage swapping.
With nearly $9 billion in TVL, it is unclear when and how Multichain will sort the situation. Cointelegraph has contacted the project for comment.
Publication date
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.