Multichain Losses Reportedly Exceed USD 3M As Critical Vulnerability Remains Unsolved

 

Losses of the cross-chain router protocol (CRP) Multichain have reportedly exceeded USD 3m as the protocol is still prone to additional hacks and exploitation.

Tal Be’ery, co-founder of the crypto wallet app ZenGo, claimed that the “hack is far from being over.” He added that hackers have continued to exploit the project.

The $1M victim is now offering 50 ETH ($150K) "tip" for the "White hat" in return for his funds.https://t.co/EWgag6GR9k pic.twitter.com/QhcDmTotw2

— Tal Be'ery (@TalBeerySec) January 19, 2022

Likewise, security and data analytics company PeckShield said it has discovered that critical vulnerabilities in multiple chain bridges continue to persist.

“It turns out AnyswapV3ERC20/AnyswapV4ERC20/AnyswapV5ERC20 are all vulnerable to another critical vulnerability. And MultichainOrg makes use of a privileged function to *DRAIN* the funds of multiple chain-bridges (~[USD] 44.5M: [USD] 38M in AVAX , [USD] 5M in BSC, [USD] 1.5M Polygon),” the firm tweeted.

Earlier this week, Multichain urged users to remove approvals for wrapped ether (WETH), PERI, OMT, WBNB, MATIC, and AVAX, warning that otherwise their assets would be exposed to breaches.

On Tuesday, Multichain tweeted that hackers have managed to siphon WETH 445 (USD 1.4m) from users.

⚠️⚠️Users haven't revoked weth approval are currently being exploited (445weth total affected)! Remove approvals here: https://t.co/S9nDfrtS0G , as per yesterday's instructions (https://t.co/CBD4AdgzI6), to be sure your funds are safe.

— Multichain (Previously Anyswap) (@MultichainOrg) January 18, 2022

Meanwhile, some Multichain users have accused the platform of not providing clear information or enough support about the ongoing problems. Some even pointed out the project’s contradicting messages.

“I can’t be the only one who’s incredibly confused by MultichainOrg’s messaging here,” tweeted ChainLinkGod.eth 2.0, a commentator and podcaster — including screenshots of Multichain’s posts that claimed that “funds were safe and unsafe at the same time.”

I can’t be the only one who’s incredibly confused by @MultichainOrg’s messaging here

Schrodinger‘s funds, both safe and unsafe at the same time pic.twitter.com/AW8s8aAhHk

— Zach Rynes | CLG (@ChainLinkGod) January 19, 2022

____

Learn more:
– Crypto Security in 2022: Prepare for More DeFi Hacks, Exchange Outages, and Noob Mistakes 
– Top Risks for DeFi Users and Investors According to Moody’s and Gauntlet

– Centralization Caused Most Decentralized Finance Hacks in 2021
– Santa Hackathon? Visor Finance Marks 7th Hack in December