Multichain hacker returns 322 ETH, keeps large finders fee

Multichain users lost more than $3 million during the week due to a security vulnerability in six tokens. White hat hackers have recovered 322 ETH, but over 527 ETH are still vulnerable.

Multichain hacker returns 322 ETH

Multichain hackers have returned 322 Ether (at the time of writing $974,000) to cross-chain router protocol. And one of the affected users in a dramatic twist.

Despite this, the hacker kept 62 ETH ($187,000) as a “bug bounty”. While a total of (worth $1.6M) 528 ETH remains outstanding after the exploits.

Security vulnerability & hacker

A security vulnerability was discovered earlier this week affecting Wrapped Ether (wETH), Peri Finance (PERI), Mars Token (OMT), Wrapped Binance Coin (wBNB), Polygon (MATIC), and Avalanche (AVAX), and $1.43 million was stolen. On Monday, Multichain announced that the critical vulnerability had been “reported and fixed.”

As a result of publicity about the vulnerability, various attackers have reportedly taken advantage, stealing more than $3 million. The six tokens still have a critical vulnerability. But Multichain has removed $44.5 million in funds from the bridges to protect them.

White hat hackers

Multichain white chain hacker

An anonymous hacker called a “white hat” had contacted Multichain and a user who lost $960,000 to negotiate the return of 80% of the funds in exchange for a hefty finder’s fee.

ZenGo wallet co-founder Tal Be’ery – hackers tweet

In a tweet sent Thursday by ZenGo wallet co-founder Tal Be’ery, the hacker claimed to have “saved the rest” of the Multichain users in the act of defensive hacking.

It took four transactions to return the funds. Earlier this week, the hacker returned 269 ETH ($813,000) via two separate transactions directly to the user from whom he stole it and retained a bug bounty of 50 ETH ($150,000).
He replied to the hacker in the following way:
“Thank you so much for your honesty, I appreciate it.”

The hacker also returned 50ETH ($150,000) to the Multichain address in two transactions overnight and kept a bug bounty worth 36ETH ($36,000).

Multichain (formerly Anyswap) aims to become the “ultimate router for Web3.”

The platform currently supports 30 chains, including Bitcoin, Ethereum, Avalanche, Litecoin, Terra, and Fantom.

Multichain’s co-founder and CEO Zhaojun admitted in a tweet on Thursday that bridge contracts need a pause function to address similar incidents in the future.

Leave a Comment