{"id":396528,"date":"2022-01-20T08:31:56","date_gmt":"2022-01-20T05:31:56","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/multichain-under-fire-from-users-as-hacking-losses-grow-to-3m\/"},"modified":"2022-01-20T08:31:56","modified_gmt":"2022-01-20T05:31:56","slug":"multichain-under-fire-from-users-as-hacking-losses-grow-to-3m","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/multichain-under-fire-from-users-as-hacking-losses-grow-to-3m\/","title":{"rendered":"# Multichain under fire from users as hacking losses grow to $3M"},"content":{"rendered":"<p>&#8220;<strong># Multichain under fire from users as hacking losses grow to $3M <\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDEvMTJjMTIzMjUtN2EyNS00OWRjLTkzYzgtOTE2YTQ2ZjhmYzlmLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-128018ef>Hackers have continued to exploit a critical vulnerability in the cross-chain router protocol (CRP) Multichain that first <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>eared on Jan 17.<\/p>\n<p>Earlier this week, Multichain urged users to revoke approvals for six tokens to protect their assets from being exploited by malicious individuals. <\/p>\n<p>However Multichain&#8217;s announcement on Jan. 17 encouraged more hackers to try the exploit. One stole $1.43 million, another offered to return 80% while keeping the rest as a tip. According to Tal Be\u2019ery, the co-founder of the ZenGo wallet, the stolen amount has now risen to $3 million. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/MultichainOrg?ref_src=twsrc%5Etfw\">@MultichainOrg<\/a> hack is far from being over.<br \/>Over the last hours more than additional $1M stolen, rising the total stolen amount to $3M.<br \/>One victim lost $960K!<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/fYhYxUojB8\">https:\/\/t.co\/fYhYxUojB8<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/Gvh5hB6t6s\">pic.twitter.com\/Gvh5hB6t6s<\/a><\/p>\n<p>\u2014 Tal Be&#8217;ery (@TalBeerySec) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/TalBeerySec\/status\/1483898136678617089?ref_src=twsrc%5Etfw\">January 19, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\nSix supported tokens are still subject to the security vulnerability including WETH, PERI, OMT, WBNB, MATIC, and AVAX.<\/p>\n<p>Users have accused the company on <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">social media<\/a> of not providing them with clear enough information or support regarding the situation. One user <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/TalBeerySec\/status\/1483898136678617089?s=20\">who lost<\/a> $960k <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/TalBeerySec\/status\/1483903235144441862?s=20\">offered 50 ETH<\/a> to the hacker\u2019s address in return for the remaining funds.<\/p>\n<p>The company claimed on Jan.17 that the critical vulnerability affecting the six tokens had been <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/MultichainOrg\/status\/1483110393543544832?s=20\">reported and fixed<\/a> on Jan. 17, but on Jan. 19 it again reminded users to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/MultichainOrg\/status\/1483733455296860160?s=20\">revoke approvals of the tokens<\/a>. Multichain has since turned off the comments on its recent tweets. <\/p>\n<p>Crypto Twitter figure \u201cChainLinkGod\u201d <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/ChainLinkGod\/status\/1483822911043473412?s=20\">said<\/a> that he was \u201cincredibly confused\u201d by the platform\u2019s message, while \u201cdrarreg17\u201d <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/drarreg17\/status\/1483760292643610631?s=20\">asked<\/a> Multichain what it was going to do to \u201ccompensate users like myself who were affected by the exploits?\u201d<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">I can\u2019t be the only one who\u2019s incredibly confused by <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/MultichainOrg?ref_src=twsrc%5Etfw\">@MultichainOrg<\/a>\u2019s messaging here <\/p>\n<p>Schrodinger\u2018s funds, both safe and unsafe at the same time <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/AW8s8aAhHk\">pic.twitter.com\/AW8s8aAhHk<\/a><\/p>\n<p>\u2014 ChainLinkGod.eth 2.0 (@ChainLinkGod) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/ChainLinkGod\/status\/1483822911043473412?ref_src=twsrc%5Etfw\">January 19, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><em><strong>Related: Multichain asks users to revoke approvals amid \u2018critical vulnerability\u2019<\/strong><\/em><\/p>\n<p>Unhappy users posting in the company\u2019s Telegram group today complain\u00a0 Multichain has not been able to resolve the security vulnerability yet, nor has it been able to provide its users with the support they seek.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Seems like <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/MultichainOrg?ref_src=twsrc%5Etfw\">@MultichainOrg<\/a> reached out to the attackers offering them &#8220;bounty&#8221; (or in other words, actually paying ransom)<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/DzUGUF3vX0\">https:\/\/t.co\/DzUGUF3vX0<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/iKLh0HCBXG\">https:\/\/t.co\/iKLh0HCBXG<\/a> <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/yC3QEeiZhJ\">pic.twitter.com\/yC3QEeiZhJ<\/a><\/p>\n<p>\u2014 Tal Be&#8217;ery (@TalBeerySec) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/TalBeerySec\/status\/1483550455536005135?ref_src=twsrc%5Etfw\">January 18, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to Be\u2019ery, the company reached out to the original address that has been holding over 450 ETH ($1.43 million) in stolen funds since Jan. 18 and offered the hacker or hackers a bug \u201cbounty for exploits.\u201d <\/p>\n<p>Multichain (formerly Anyswap) envisions being the ultimate router for Web 3.0. The ecosystem supports 30 chains, including Bitcoin (BTC), Avalanche (AVAX), Ethereum (ETH), Fantom (FTM), Litecoin (LTC), and Terra (LUNA), and offers no-slippage swapping. <\/p>\n<p>With nearly $9 billion in TVL, it is unclear when and how Multichain will sort the situation. Cointelegraph has contacted the project for comment. <\/p>\n<p><template data-name=\"subscription_form\" data-type=\"markets_outlook\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/multichain-under-fire-from-users-as-hacking-losses-grow-to-3m\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# Multichain under fire from users as hacking losses grow to $3M &#8221; Hackers have continued to exploit a critical vulnerability in the cross-chain router protocol (CRP) Multichain that first appeared on Jan 17. Earlier this week, Multichain urged users to revoke approvals for six tokens to protect their assets from being exploited by malicious&#8230;<\/p>\n","protected":false},"author":1,"featured_media":396529,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMDEvMTJjMTIzMjUtN2EyNS00OWRjLTkzYzgtOTE2YTQ2ZjhmYzlmLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74894,107431,74868,74891,74880,70944],"class_list":["post-396528","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-blockchain","tag-cryptocurrency-investment","tag-defi","tag-ethereum","tag-transactions","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/396528","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=396528"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/396528\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/396529"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=396528"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=396528"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=396528"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}