After a month-long fight against an ongoing exploit, cross-chain router protocol Multichain announced the recovery of nearly 50% of the total stolen funds, worth nearly $2.6 million of cryptocurrencies. The team has also released a compensation plan to reimburse the users’ losses.
On Jan. 10, blockchain security expert Dedaub alerted Multichain about two vulnerabilities in its liquidity pool and router contracts — affecting eight cryptocurrencies including wrapped ETH (WETH), wrapped BNB (WBNB), Polygon (MATIC) and Avalanche (AVAX).
1/3 We recently identified the "phantom functions" code pattern, which would have led to likely the largest crypto hack ever.Your code may be vulnerable! You need to check for the pattern in your Solidity/EVM code! https://t.co/pxRqCQFbnS
A week later on Jan. 18, the Multichain team advised users to revoke approvals for the vulnerable smart contracts as a means of immediate damage control. However, as Cointelegraph reported, the warning announcement encouraged more hackers to try the exploit, resulting in losses exceeding $3 million.
The @MultichainOrg hack is far from being over.Over the last hours more than additional $1M stolen, rising the total stolen amount to $3M.One victim lost $960K!https://t.co/fYhYxUojB8 pic.twitter.com/Gvh5hB6t6s
According to Multichain, the vulnerability of the liquidity pool was fixed by upgrading the affected tokens’ liquidity to new contracts, adding:
As of Feb. 18, Multichain reported that 4,861 out of the 7,962 affected users have revoked approvals while advising the remaining 3,101 addresses to take action as soon as possible. Out of the 1,889.6612 WETH and 833.4191 AVAX stolen funds, the team was able to recover 912.7984 WETH and 125 AVAX (worth nearly $2.55
Read more on cointelegraph.com