The developers of the cross-chain protocol Multichain (formerly Anyswap) said they identified and fixed a vulnerability affecting six tokens: WETH, PERI, OMT, WBNB, MATIC and AVAX.
1/A critical vulnerability that affected 6 tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX) has been reported and fixed.
All assets on both V2 Bridge and V3 Router are safe, and cross-chain transactions can be done safely.
More info👇https://t.co/Mm6yWMwlCS
— Multichain (Previously Anyswap) (@MultichainOrg) January 17, 2022
According to the developers, the issue was discovered by the security firm Dedaub. Multichain urged those who had approved any of the listed tokens to revoke their approvals. Otherwise their funds are at risk.
“No action is required from other users. […] All cross-chain transactions are safe,” the statement said.
The developers promised to disclose technical details of the incident later.
According to PeckShield, unknown actors exploited the exploit. The address cited by analysts contains more than 450 ETH (~$1.4m at the time of writing).
Stolen funds are currently held at this address, more than 450 Ether (~$1.34m)https://t.co/I8H6YXURBM
— PeckShieldAlert (@PeckShieldAlert) January 18, 2022
Multichain said that 445 users were affected by the attackers’ actions. Project representatives urged following the previously published instructions to keep funds safe.
⚠️⚠️Users haven’t revoked weth approval are currently being exploited (445weth total affected)! Remove approvals here: https://t.co/S9nDfrtS0G , as per yesterday’s instructions (https://t.co/CBD4AdgzI6), to be sure your funds are safe.
— Multichain (Previously Anyswap) (@MultichainOrg) January 18, 2022
As a reminder, in December 2021 Multichain raised $60m from Binance Labs, Circle Ventures and the Tron Foundation.
Follow ForkLog news on VK!