Multichain Says $1.4M in Ether Siphoned From Users Who Failed to Update Approvals

The cross-chain bridge urged users to remove approvals for six tokens after it was alerted to a security flaw.

AccessTimeIconJan 18, 2022 at 11:14 a.m. UTC
Updated May 11, 2023 at 3:40 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Multichain users who didn't update their approvals as instructed yesterday have been exploited and have lost 445 wrapped ether ($1.4 million), the project tweeted on Tuesday.

  • On Monday, Multichain instructed its users to remove approvals for six tokens and said otherwise their assets would be exposed to a security vulnerability. The tokens in question were WETH, PERI, OMT, WBNB, MATIC and AVAX.
  • Decentralized finance security firm Dedaub first found the flaw, which Multichain said it had fixed.
  • Later on Tuesday, crypto security firm PeckShield revealed the wallet address where the stolen funds had been deposited. The address holds 455 ether as of the time of writing.
  • Because the users have to be the ones to remove the approvals, there isn't much Multichain can do, PeckShield told CoinDesk in a Twitter message.
  • Multichain, formerly Anyswap, is a cross-chain bridge which raised $60 million in December in a seed funding round that was led by Binance Labs.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Eliza Gkritsi

Eliza Gkritsi is a CoinDesk contributor focused on the intersection of crypto and AI.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.


Read more about