Multichain is a cross-chain protocol that became a victim of crypto theft after they announced that six tokens were vulnerable to hackers. In a surprise twist, one hacker turned out to be a white hat hacker, who returned 80% of the stolen amount to the protocol.
Details of the Incident
According to Multichain, a protocol that was previously known as Anyswap, the hacker has returned 322 Ether, approximately $ 1 million ($974,000 to be precise at the time of return) to the protocol and kept 62 ETH, nearly $150,000, as his bug bounty, according to a tweet from Tal Be’ery, the chief tech officer of ZenGo crypto wallet
The protocol is still at a loss of 528 ETH, which is equivalent to $1.6 million. For your information, Multichain allows users to swap tokens between blockchains.
The platform announced in a blog post that users should start removing smart contract approvals to 6 tokens that were vulnerable to hacking. These tokens include:
- Polygon (MATIC)
- Avalanche (AVAX)
- Peri Finance (PERI)
- Mars Token (OMT)
- Wrapped Ether (wETH)
- Wrapped Binance Coin (wBNB)
However, this information tipped off malicious hackers who started draining funds from the protocol’s vulnerable accounts. By Wednesday afternoon, they had stolen over $3 million. Fortunately, one of the hackers was a white hat hacker. He returned most of his stolen funds and kept some as a bug bounty.
I sent back the biggest lost back to 0x3ee. And I will send back 63 eth and keep the same percent tips as bug bounty which is around 12 eth. So if you think this percent bounty is too much or too little, pls tell me. There are still some bots targeting it, but I think most users have been notified so I stop saving the rest. And also, pls give me an address that I can make sure is under the control of your team.The Hacker
Multichain revealed that hackers stole around 602 ether. According to Tal Be’ery, one attacker stole around 450 ether and confirmed that the platform lost nearly $3 million in the hacking.
It is also suspected that several smaller players also exploited the vulnerability apart from the three main hackers. The vulnerability still exists, but the platform has drained $44.5 million from multiple chain bridges to avoid theft.