After a month-long fight against an ongoing exploit, cross-chain router protocol Multichain announced the recovery of almost 50% of the total stolen funds, worth almost $2.6 million in cryptocurrencies. The team has also launched a compensation plan to reimburse user losses.
On Jan. 10, blockchain security expert Dedaub alerted Multichain to two vulnerabilities in its liquidity pool and router contracts, affecting eight cryptocurrencies, including wrapped ETH (WETH), wrapped BNB (WBNB), Polygon (MATIC ) and Avalanche (AVAX).
1/3 We recently identified the “ghost functions” code pattern, which would have likely led to the biggest crypto hack in history.
Your code may be vulnerable! You need to check the pattern in your Solidity/EVM code! https://t.co/pxRqCQFbnS
— Dedaub (@dedaub) January 27, 2022
A week later, on January 18, the Multichain team advised users to revoke the approvals of the vulnerable smart contracts as a means of immediate damage control. However, as Cointelegraph reported, the warning announcement encouraged more hackers to try the exploit, resulting in losses in excess of $3 million.
the @MultichainOrg hack is far from over.
More than an additional $1 million was stolen in the past few hours, bringing the total amount stolen to $3 million.
One victim lost $960K! https://t.co/fYhYxUojB8 pic.twitter.com/Gvh5hB6t6s— Tal Beery (@TalBeerySec) January 19, 2022
According to Multichain, the liquidity pool vulnerability was fixed by upgrading the liquidity of affected tokens to new contracts, adding:
“However, the risk remains for users who have yet to revoke affected router contract approvals. Importantly, users themselves have to be the ones to revoke approvals.”
Daily attack sum. Source @Dune Analytics
As of February 18, Multichain reported that 4,861 of the 7,962 affected users had revoked approvals and advised the remaining 3,101 addresses to take action as soon as possible. Of the stolen funds of 1,889.6612 WETH and 833.4191 AVAX, the team was able to recover 912.7984 WETH and 125 AVAX (worth almost $2.55 million and $10,000 respectively).
“However, despite our best efforts, a total of 976.8628 WETH has been stolen,” Multichain confirmed. To be eligible for compensation through loss reimbursement, Multichain has asked users to revoke their approval and submit a ticket on the website. “As such, we will no longer reimburse losses that occur after February 18 24:00 UTC.”
Related: Netflix Announces New Series About Bitfinex Hack Involving 120,000 Bitcoin
Netflix will soon produce and release a documentary series around a New York-based couple and their involvement in Bitcoin (BTC) laundering linked to the Bitfinex hack.
As Cointelegraph reported, the documentary will be directed by American filmmaker Chris Smith with Nick Bilton serving as co-executive producer. The ad said:
“Netflix ordered a documentary series about a married couple’s alleged plot to launder billions of dollars in stolen cryptocurrency in the largest financial crimes case in history.”
This post Multichain recovers $2.6 million of stolen funds to repay losses under condition
was published first on https://cointelegraph.com/news/multichain-recovers-2-6m-stolen-funds-to-reimburse-losses-on-condition
