Multichain recovers $2.6M stolen funds, to reimburse losses on condition

Published at: Feb. 19, 2022

After a month-long fight against an ongoing exploit, cross-chain router protocol Multichain announced the recovery of nearly 50% of the total stolen funds, worth nearly $2.6 million of cryptocurrencies. The team has also released a compensation plan to reimburse the users’ losses.

On Jan. 10, blockchain security expert Dedaub alerted Multichain about two vulnerabilities in its liquidity pool and router contracts — affecting eight cryptocurrencies including wrapped ETH (WETH), wrapped BNB (WBNB), Polygon (MATIC) and Avalanche (AVAX).

1/3 We recently identified the "phantom functions" code pattern, which would have led to likely the largest crypto hack ever.Your code may be vulnerable! You need to check for the pattern in your Solidity/EVM code! https://t.co/pxRqCQFbnS

— Dedaub (@dedaub) January 27, 2022

A week later on Jan. 18, the Multichain team advised users to revoke approvals for the vulnerable smart contracts as a means of immediate damage control. However, as Cointelegraph reported, the warning announcement encouraged more hackers to try the exploit, resulting in losses exceeding $3 million.

The @MultichainOrg hack is far from being over.Over the last hours more than additional $1M stolen, rising the total stolen amount to $3M.One victim lost $960K!https://t.co/fYhYxUojB8 pic.twitter.com/Gvh5hB6t6s

— Tal Be'ery (@TalBeerySec) January 19, 2022

According to Multichain, the vulnerability of the liquidity pool was fixed by upgrading the affected tokens’ liquidity to new contracts, adding:

“However, the risk remains for the users who have yet to revoke approvals for the affected router contracts. Importantly, users themselves have to be the ones to revoke the approvals.”

As of Feb. 18, Multichain reported that 4,861 out of the 7,962 affected users have revoked approvals while advising the remaining 3,101 addresses to take action as soon as possible. Out of the 1,889.6612 WETH and 833.4191 AVAX stolen funds, the team was able to recover 912.7984 WETH and 125 AVAX (worth nearly $2.55 million and $10,000 respectively).

“However, in spite of our best efforts, a total of 976.8628 WETH has been stolen,” confirmed Multichain. To be eligible for compensation through reimbursement of losses, Multichain has asked users to revoked their approval and submit a ticket on the website. “As such, we will no longer reimburse any losses that happen after February 18 24:00 UTC.”

Related: Netflix announces new series on Bitfinex hack involving 120,000 Bitcoin

Netflix will soon produce and launch a documentary series circled around a New York-based couple and their involvement in laundering Bitcoin (BTC) linked to the Bitfinex hack.

As Cointelegraph reported, the documentary will be directed by American filmmaker Chris Smith with Nick Bilton as the co-executive producer. The announcement read:

“Netflix has ordered a documentary series about a married couple’s alleged scheme to launder billions of dollars worth of stolen cryptocurrency in the biggest criminal financial crime case in history.”
Tags
Related Posts
Huobi and Shiba Inu community to help BitMart overcome $200M hack
Following a near $200 million hack on the BitMart exchange, the Shiba Inu (SHIB) community and crypto exchange Huobi Global aim to help the exchange strengthen security and track inflows of stolen assets. On Dec. 5, crypto exchange BitMart became victim to a hot wallet compromise hosted over the Ethereum (ETH) and Binance Smart Chain (BSC) blockchains. As a result, the hackers were able to steal over $196 million, roughly $100 million over the Ethernet network and around $96 million over the BSC blockchain. 1/3 We have identified a large-scale security breach related to one of our ETH hot wallets …
Blockchain / Dec. 6, 2021
Jump Crypto replenishes funds from $320M Wormhole hack in largest-ever DeFi 'bailout'
On Thursday, Jump Crypto, a crypto venture capital firm that owns Certus One, the developer of the Wormhole token bridge, announced it had deposited 120 thousand Ether (ETH) into a Solana-Ethereum bridge that suffered a devastating exploit. The day prior, hackers fraudulently minted 120 thousand wrapped Ether (wETH) worth $321 million on the Solana (SOL) platform, then redeemed 93,750 wETH for ETH on the Ethereum network while swapping the rest for other altcoins on the Solana network. The cross-chain ETH-wETH is supposed to have an exchange ratio of 1:1 against one another. Therefore, unauthorized minting of wETH leads to significant …
Technology / Feb. 3, 2022
Security firms are making it more difficult for scammers to get away with DeFi project hacks
The rise of community-oriented blockchain security companies may be making it more difficult for alleged bad actors to get away without a trace. Early Wednesday, CertiK issued a community alert regarding Flurry Finance, where its smart contracts were allegedly breached by hackers, leading to $293,000 worth of funds being stolen. Shortly after the incident, CertiK published the wallet addresses of the alleged perpetrator, the address of the malicious token contract, and a PancakeSwap pair address allegedly involved in the attack, leading to a warning issued on BscScan. While the firm audited the project's smart contracts, it appears that the exploit …
Adoption / Feb. 23, 2022
Tornado Cash says it's using Chainalysis oracles to block access from OFAC sanctioned addresses
On Friday, Tornado Cash announced that it was using oracle contracts from Chainalysis to block wallet addresses sanctioned by the U.S. Office of Foreign Assets Control, or OFAC. The move comes after the U.S. Department of the Treasury linked North Korean cybercriminal Lazarus Group as an alleged perpetrator for the recent $600 million+ Ronin Bridge exploit. As told by blockchain analytics firm Elliptic, the hackers have sent approximately $80.3 million worth of Ether (ETH) through Tornado Cash. "Maintaining financial privacy is essential to preserving our freedom; however, it should not come at the cost of non-compliance," said the Tornado Cash …
Technology / April 15, 2022
Crypto hacks are set to hit all-time highs in 2022, analyst explains
Reducing the amount of hacking by improving cybersecurity should be considered a top priority for the crypto industry, said Kim Grauer, director of research of blockchain intelligence firm Chainalysis. As pointed out by the firm, this year could outpace 2021 in terms of crypto stolen through hacks. The vast majority of these exploits have been targeting the field of decentralized finance. “This can't go on in the industry because people are going to lose faith in investing in DeFi platforms”, Grauer said in an interview with Cointelegraph. Unlike centralized exchanges, which have improved their resiliency to crypto hacks, decentralized protocols …
Blockchain / Oct. 19, 2022