Main navigation

AVAX, Matic and Wrapped BNB and Ethereum Have Critical Vulnerability on Multichain, 450 ETH Stolen

News
Tue, 01/18/2022 - 10:42
article image
Arman Shirinyan
Security issues were noticed previously but, unfortunately for the protocol's users, funds were stolen
AVAX, Matic and Wrapped BNB and Ethereum Have Critical Vulnerability on Multichain, 450 ETH Stolen
Cover image via stock.adobe.com
Read U.TODAY on
Google News
Contents

The previously reported vulnerability on Multichain's Cross-Chain Router Protocol for tokens WETH, PERI, OMT, WBNB, MATIC and AVAX has been compromised by hackers currently using the vulnerability to attack users' funds.

The warning was published by samczsun security and research analyst and PeckShield and Dedaub security firms. According to the tweet, the exploit is going on "right now." The analyst has also suggested revoking approvals from the protocol until it is too late.

The vulnerability

Previously, the vulnerability was reported by the protocol itself with the help of blockchain security firm Dedaub. As the protocol's team reported, the issue has been fixed, but at the same time, if users have ever approved any of the abovementioned tokens, the router had to remove all approvals as soon as possible.

If any of the contracts of the mentioned tokens have ever been approved by a user, he or she should revoke the approval on the protocol's page.

Related
BitMEX Group to Acquire One of Oldest Banks in Germany

Hackers succeed

As security firm PeckShield later reported, the hackers succeeded and stole approximately 450 ETH. All of the money is currently sitting in the "C3863c" address. The address has received all of the transactions in the past hour. Reportedly, around 400 users' wallets have been compromised.

It is not yet clear whether the exploit took place due to the Multichain team's inability to fix the issue or users' unwillingness to follow the previously published instructions. Given the nature of the Ethereum network, it is more likely that funds have been lost and will never be returned, especially if hackers decide to use coin mixing applications.

At press time, the funds have not been moved from the hacker's wallet.

article image
About the author

Arman Shirinyan is a trader, crypto enthusiast and SMM expert with more than four years of experience.

Arman strongly believes that cryptocurrencies and the blockchain will be of constant use in the future. Currently, he focuses on news, articles with deep analysis of crypto projects and technical analysis of cryptocurrency trading pairs.