Cross-chain protocol Multichain bug gets exploited for $1.34 million

Quick Take

  • A bug in cross-chain protocol Multichain has been exploited for $1.34 million, according to researchers.
  • While the bug had already been fixed for new users, past users needed to take action to prevent themselves from being affected.

Cross-chain protocol Multichain (previously known as Anyswap) has been exploited for $1.34 million — according to security researchers PeckShield. This occured through a bug that the platform had recently dislosed.

On January 17, Multichain revealed that it had found a critical vulnerability and had fixed it. It said that the bug affected six tokens, including wrapped ether (WETH).

But the problem is that the protocol couldn’t fix the bug from affecting past users who had interacted with the protocol. Instead, this required users to manually go to their wallets and revoke permissions that they had previously given to the protocol. Multichain said that these users should do this immediately otherwise their assets would remain at risk.

It appears that many users have not done so and the bug is now being exploited.

Someone is exploiting this literally *right now*. If you haven’t revoked approvals yet you should probably do so before it’s too late,” tweeted a Paradigm researcher known as Samczsun.

PeckShield identified that the funds have been transferred to a single blockchain address.

© 2021 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Trending Stories