{"id":56266,"date":"2022-01-20T15:55:55","date_gmt":"2022-01-20T13:55:55","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=56266"},"modified":"2025-09-04T05:33:49","modified_gmt":"2025-09-04T02:33:49","slug":"the-amount-stolen-from-multichain-users-has-reached-3-million","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/the-amount-stolen-from-multichain-users-has-reached-3-million\/","title":{"rendered":"The amount stolen from Multichain users has reached $3 million"},"content":{"rendered":"<p>Unknown actors continue to exploit a vulnerability in the Multichain cross-chain protocol, which developers disclosed earlier in the week. According to Tal Be&#8217;ery, the chief technology officer of the ZenGo crypto wallet, hackers have already withdrawn around $3 million in digital assets.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The <a href=\"https:\/\/twitter.com\/MultichainOrg?ref_src=twsrc%5Etfw\">@MultichainOrg<\/a> hack is far from being over.<br \/>Over the last hours more than additional $1M stolen, rising the total stolen amount to $3M.<br \/>One victim lost $960K!<a href=\"https:\/\/t.co\/fYhYxUojB8\">https:\/\/t.co\/fYhYxUojB8<\/a> <a href=\"https:\/\/t.co\/Gvh5hB6t6s\">pic.twitter.com\/Gvh5hB6t6s<\/a><\/p>\n<p>\u2014 Tal Be&#8217;ery (@TalBeerySec) <a href=\"https:\/\/twitter.com\/TalBeerySec\/status\/1483898136678617089?ref_src=twsrc%5Etfw\">January 19, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>On Monday, January 17, <a href=\"https:\/\/u1f987.com\/en\/news\/multichain-cross-chain-protocol-fixes-critical-vulnerability\">the Multichain team reported a vulnerability<\/a> affecting six tokens: WETH, PERI, OMT, WBNB, MATIC and AVAX. The next day PeckShield analysts said that unknown actors exploited the exploit and withdrew more than 450 ETH (about $1.4 million at the price at the time).<\/p>\n<p>Later the protocol developers said the incident affected 445 users. Representatives of the project urged following the published instructions to keep funds safe.<\/p>\n<p>Be&#8217;ery noted that one of the attackers&#8217; victims lost about $960,000. The victim left an Ethereum blockchain entry requesting the return of the cryptocurrency for a reward.<\/p>\n<p>The hacker accepted the offer and returned the assets in exchange for 50 ETH (about $157,200).<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">And it&#8217;s a deal!<br \/>The <a href=\"https:\/\/twitter.com\/hashtag\/multichain?src=hash&#038;ref_src=twsrc%5Etfw\">#multichain<\/a> attacker \/ &#8220;white hat&#8221; returned the funds to the ~$1M, minus $150K &#8220;tip&#8221; as offered by the victim.<a href=\"https:\/\/twitter.com\/hashtag\/MultichainHack?src=hash&#038;ref_src=twsrc%5Etfw\">#MultichainHack<\/a> <a href=\"https:\/\/t.co\/jAX6furhHi\">https:\/\/t.co\/jAX6furhHi<\/a> <a href=\"https:\/\/t.co\/EkGvwifoef\">pic.twitter.com\/EkGvwifoef<\/a><\/p>\n<p>\u2014 Tal Be&#8217;ery (@TalBeerySec) <a href=\"https:\/\/twitter.com\/TalBeerySec\/status\/1484056243446636544?ref_src=twsrc%5Etfw\">January 20, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u00ab\u041f\u0440\u0435\u0436\u0434\u0435 \u0432\u0441\u0435\u0433\u043e, \u0441\u043f\u0430\u0441\u0438\u0431\u043e, \u0447\u0442\u043e \u0432\u044b \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 WETH. \u042f \u043d\u0435 \u0437\u043d\u0430\u043b \u043e \u0432\u0437\u043b\u043e\u043c\u0435 \u0438 \u043e\u0441\u043e\u0437\u043d\u0430\u043b \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044e \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0442\u043e\u043c\u0443, \u0447\u0442\u043e WETH \u0442\u0430\u043a \u0438 \u043d\u0435 \u043f\u043e\u0441\u0442\u0443\u043f\u0438\u043b\u0438 \u0432 \u043c\u043e\u0439 \u043a\u043e\u0448\u0435\u043b\u0435\u043a \u043f\u043e\u0441\u043b\u0435 \u0442\u0440\u0430\u043d\u0437\u0430\u043a\u0446\u0438\u0438 \u043d\u0430 CowSwap. \u0423\u0447\u0438\u0442\u044b\u0432\u0430\u044f \u0441\u0442\u043e\u044f\u0449\u0443\u044e \u043d\u0430 \u043a\u043e\u043d\u0443 \u0441\u0443\u043c\u043c\u0443, \u043f\u0440\u0438\u043d\u044f\u043b\u0438 \u0431\u044b \u0432\u044b 50 ETH \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0441\u043f\u0440\u0430\u0432\u0435\u0434\u043b\u0438\u0432\u044b\u0445 \u0447\u0430\u0435\u0432\u044b\u0445?\u00bb, \u2014 \u043d\u0430\u043f\u0438\u0441\u0430\u043b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0432 \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0438 \u043a \u0445\u0430\u043a\u0435\u0440\u0443.<\/p>\n<\/blockquote>\n<p>Be&#8217;ery noted that the Multichain developers also contacted the attackers. He pointed out that they contacted the <a href=\"https:\/\/etherscan.io\/address\/0x4986e9017ea60e7afcd10d844f85c80912c3863c\">\u0430\u0434\u0440\u0435\u0441\u043e\u043c<\/a>, on which 445 ETH of the stolen funds were stored, and offered a bounty for the discovered exploit.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Seems like <a href=\"https:\/\/twitter.com\/MultichainOrg?ref_src=twsrc%5Etfw\">@MultichainOrg<\/a> reached out to the attackers offering them &#8220;bounty&#8221; (or in other words, actually paying ransom)<a href=\"https:\/\/t.co\/DzUGUF3vX0\">https:\/\/t.co\/DzUGUF3vX0<\/a> <a href=\"https:\/\/t.co\/iKLh0HCBXG\">https:\/\/t.co\/iKLh0HCBXG<\/a> <a href=\"https:\/\/t.co\/yC3QEeiZhJ\">pic.twitter.com\/yC3QEeiZhJ<\/a><\/p>\n<p>\u2014 Tal Be&#8217;ery (@TalBeerySec) <a href=\"https:\/\/twitter.com\/TalBeerySec\/status\/1483550455536005135?ref_src=twsrc%5Etfw\">January 18, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Meanwhile PeckShield reported another Multichain vulnerability affecting cross-chain bridge liquidity providers. The firm noted that the developers used an administrator key to move funds out of the affected contracts. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">FWIW: We are talking about a different exploitation that affects the bridge LP providers, instead of approving users. The vulnerability is of the same nature of the one being exploited in-the-wild. Fortunately, the team exercises the MPC admin key for fund rescue\/migration.<\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1484066804792135680?ref_src=twsrc%5Etfw\">January 20, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The project&#8217;s community criticized the team for providing ambiguous information about the incident and for insufficient user support. The Multichain Twitter account disabled the ability to comment on posts.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">I can\u2019t be the only one who\u2019s incredibly confused by <a href=\"https:\/\/twitter.com\/MultichainOrg?ref_src=twsrc%5Etfw\">@MultichainOrg<\/a>\u2019s messaging here <\/p>\n<p>Schrodinger\u2018s funds, both safe and unsafe at the same time <a href=\"https:\/\/t.co\/AW8s8aAhHk\">pic.twitter.com\/AW8s8aAhHk<\/a><\/p>\n<p>\u2014 ChainLinkGod.eth 2.0 (@ChainLinkGod) <a href=\"https:\/\/twitter.com\/ChainLinkGod\/status\/1483822911043473412?ref_src=twsrc%5Etfw\">January 19, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>In a discussion with <a href=\"https:\/\/www.vice.com\/en\/article\/epxb8m\/crypto-protocol-publicly-announces-flaw-users-relentlessly-owned-by-hackers\">Vice<\/a>, the Multichain Telegram channel administrator going by the nickname Marcel said the team is taking certain steps, though not publicly announcing them.<\/p>\n<p>Back in December 2021, <a href=\"https:\/\/u1f987.com\/en\/news\/multichain-cross-chain-protocol-raises-60-million-from-binance-labs-circle-ventures-and-tron-foundation\">Multichain attracted $60 million<\/a> from Binance Labs, Circle Ventures and the Tron Foundation.<\/p>\n<p>Subscribe to ForkLog news on <a href=\"https:\/\/vk.com\/forklogcom\" target=\"_blank\" rel=\"nofollow noopener\">VK<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Unknown actors continue to exploit a vulnerability in the Multichain cross-chain protocol, which developers disclosed earlier in the week. According to Tal Be&#8217;ery, the chief technology officer of the ZenGo crypto wallet, hackers have already withdrawn around $3 million in digital assets.<\/p>\n","protected":false},"author":1,"featured_media":56267,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1301,1154,2277],"class_list":["post-56266","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-blockchain-vulnerabilities","tag-crimes","tag-multichain"],"aioseo_notices":[],"amp_enabled":true,"views":"15","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/56266","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=56266"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/56266\/revisions"}],"predecessor-version":[{"id":56268,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/56266\/revisions\/56268"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/56267"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=56266"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=56266"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=56266"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}