In Brief:
- Multichain suffered bug exploitation and lost funds worth about $1.34M.
- The bug even though fixed by the Multichain team exposed some users to the exploit.
- Multichain reminded users to revoke wallet permissions to keep their funds safe.
Multichain(previously Anyswap) reportedly lost more than 450 ETH, approximately $1.34M following bug exploitation in the protocol.
Yesterday a security vulnerability in Multichain was found, impacting six cross-chain tokens on its platform. Dedaub, a crypto-security firm, discovered the bug and Multichain stated its team had fixed the vulnerability.
Later the blockchain and security auditing firm Peckshield revealed that the bug is being exploited and reported the stolen funds worth $1.34M are currently held at this address.
Multichain asked users to log in and revoke wallet permissions granted to the six affected tokens when the bug was first found.
Multichain also explained in a blog how users can revoke permissions for the affected tokens.
The tokens were Wrapped Ethereum (WETH), PERI Finance (PERI), Mars Token (OMT), Wrapped Binance Coin (WBNB), Polygon (MATIC), and Avalanche (AVAX).
However, the protocol was unable to prevent the bug from affecting previous users who had interacted with the protocol.
Multichain confirmed that the bug is being exploited and reminded users that they must revoke permissions to keep their funds safe.
This year already started with a lot of hack attempts on various crypto platforms and probably will outpace 2021 in terms of the number of exploit events. Just yesterday Crypto.com suffered a hack attempt and allegedly lost about $15M worth of crypto assets. The platform has now resumed user withdrawals and is expected to publish a detailed report on the event later.
