On Jan 17th, Multichain, a CRP (cross-chain router protocol) first experienced a vulnerability that appeared to be critical. Since then, the exploitation of this vulnerability by hackers has been going on without any respite.
Multichain Needs To Take Action, Fast
Earlier in the week, Multichain had asked its users to refuse to approve six specific tokens. This would ensure better protection for their assets against exploitation at the hands of malicious individuals.
But it seems to have backfired. The announcement by Multichain on Monday has apparently only served as encouragement for more hackers to test out the exploit. One hacker has managed to steal $1.43Mn. Another promised to give back 80% of the amount he had stolen. The rest would be considered a tip for him. ZenGo wallet’s co-founder Tal Be’ery claimed that the hackers have stolen up to $3Mn now.
The six tokens that are subject to the Multichain security vulnerability are Avalanche (AVAX), Polygon (Matic), Wrapped BNB (WBNB), Official Mars Token (OMT), Peri Finance Token (PERI), and Wrapped ETH (WETH).
Users have taken to social media to accuse Multichain of not sharing information that was clear enough. They claimed that the company has not offered support either concerning the situation. A user who had $960K stolen offered to pay 50 ETH to the address of the hacker to get back the rest of the funds.
On Monday, the company claimed that this security vulnerability has been addressed and fixed on the day itself. However, on Wednesday, the company once more issued a reminder to users to not approve the six tokens. Since then, Multichain has turned off comments on the latest tweets.
ChainLinkGod, a figure on Crypto Twitter, claimed to be “incredibly confused” by the messages of the company. Others wanted to know if the company would compensate the ones exploited in any way.