Multichain under fire from users as hacking losses grow to $3M

Hackers continue to exploit the critical vulnerability in cross-chain router protocol Multichain (CRP), which first appeared Jan 17.

Multichain advised users earlier this week to cancel approvals for six tokens in order to protect their assets against being exploited maliciously.

Multichain’s Jan. 17 announcement encouraged hackers to use the exploit. One person stole $1.43million, while another offered to pay back 80% and keep the remainder as a tip. The stolen amount is now at $3 million according to Tal Be’ery (co-founder of ZenGo wallet).

The hack at @MultichainOrg is not over. The total amount stolen has risen to $3M over the past hours, with more than $1M being stolen in the last hour. One victim lost $960K!
— Tal Be’ery (@TalBeerySec), January 19, 2022

Six supported tokens, including WETH and OMT, WBNB and MATIC, are still vulnerable to the security vulnerability.

On social media, users accused the company of failing to provide them with enough information and support. In return for remaining funds, a user who had lost $960k offered 50 Ethereum to the hacker’s email address.

On Jan. 17, the company stated that the critical vulnerability affecting six tokens had been identified and fixed on January 17. However, it reminded users on Jan. 19 to cancel their approval of the tokens. Multichain has since disabled comments from its tweets.

“ChainLinkGod,” a crypto Twitter figure, said he was “incredibly confused” by the platform’s message. “drarreg17” then asked Multichain what it would do to “compensate users such as myself who were affected”

I can’t be the only one who’s incredibly confused by @MultichainOrg’s messaging here Schrodinger’s funds, both safe and unsafe at the same time
January 19, 2022 — ChainLinkGod.eth 2.0 @ChainLinkGod

Related: Multichain requests users to revoke approvals in the face of ‘critical vulnerability’

Today, unhappy users posted in the Telegram group complaining that Multichain has yet to fix the security vulnerability and has not provided the support they need.

Seems like @MultichainOrg reached out to the attackers offering them “bounty” (or in other words, actually paying ransom)
— Tal Be’ery (@TalBeerySec), January 18, 2022

Be’ery claims that the company reached out the original address, which has over 450 ETH ($1.43 Million) in stolen funds from Jan. 18, and offered the hacker (or hackers) a bug “bounty to exploits.”

Multichain, formerly Anyswap, is envisioned as the ultimate Web 3.0 router. It supports 30 chains including Bitcoin (BTC), Avalanche(AVAX), Ethereum [ETH], Fantom (FTM), Litecoin (“LTC”), Terra (LUNA) and Terra (LUNA). The ecosystem also offers no-slippage Swapping.

Multichain has nearly $9 billion of TVL. It is not clear when or how Multichain will resolve the situation. Cointelegraph reached out to the project for comment.

2021's Most Anticipated Growth & Wealth-Building Opportunity

Join Thousands of Early Adopters Just Like You Who Want to Grow Capital and Truly Understand Cryptocurrency Together

Eileen Wilson

Eileen Wilson –Technology and Energy My Name is Eileen Wilson with more than 5 years of experience in the Stock market industry, I am energetic about Technology news, started my career as an author then, later climbing my way up towards success into senior positions. I can consider myself as the backbone behind the success and growth of with a dream to expand the reach out of the industry on a global scale. I am also a contributor and an editor of the Technology and Energy category. I experienced a critical analysis of companies and extracted the most noteworthy information for our vibrant investor network.

Close Bitnami banner