The previously reported vulnerability on Multichain's Cross-Chain Router Protocol for tokens WETH, PERI, OMT, WBNB, MATIC and AVAX has been compromised by hackers currently using the vulnerability to attack users' funds.
The warning was published by samczsun security and research analyst and PeckShield and Dedaub security firms. According to the tweet, the exploit is going on "right now." The analyst has also suggested revoking approvals from the protocol until it is too late.
Previously, the vulnerability was reported by the protocol itself with the help of blockchain security firm Dedaub. As the protocol's team reported, the issue has been fixed, but at the same time, if users have ever approved any of the abovementioned tokens, the router had to remove all approvals as soon as possible.
1/A critical vulnerability that affected 6 tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX) has been reported and fixed.— Multichain (Previously Anyswap) (@MultichainOrg) January 17, 2022
All assets on both V2 Bridge and V3 Router are safe, and cross-chain transactions can be done safely.
If any of the contracts of the mentioned tokens have ever been approved by a user, he or she should revoke the approval on the protocol's page.
As security firm PeckShield later reported, the hackers succeeded and stole approximately 450 ETH. All of the money is currently sitting in the "C3863c" address. The address has received all of the transactions in the past hour. Reportedly, around 400 users' wallets have been compromised.
Stolen funds are currently held at this address, more than 450 Ether (~$1.34m)https://t.co/I8H6YXURBM— PeckShieldAlert (@PeckShieldAlert) January 18, 2022
It is not yet clear whether the exploit took place due to the Multichain team's inability to fix the issue or users' unwillingness to follow the previously published instructions. Given the nature of the Ethereum network, it is more likely that funds have been lost and will never be returned, especially if hackers decide to use coin mixing applications.
At press time, the funds have not been moved from the hacker's wallet.