Multichain Says $1.4M in Ether Siphoned From Users Who Failed to Update Approvals

The cross-chain bridge urged users to remove approvals for six tokens after it was alerted to a security flaw.

Jan 18, 2022 at 11:14 a.m. UTC
Updated Jan 18, 2022 at 5:00 p.m. UTC

Eliza Gkritsi is CoinDesk's crypto mining reporter based in Asia.

Multichain users who didn't update their approvals as instructed yesterday have been exploited and have lost 445 wrapped ether ($1.4 million), the project tweeted on Tuesday.

  • On Monday, Multichain instructed its users to remove approvals for six tokens and said otherwise their assets would be exposed to a security vulnerability. The tokens in question were WETH, PERI, OMT, WBNB, MATIC and AVAX.
  • Decentralized finance security firm Dedaub first found the flaw, which Multichain said it had fixed.
  • Later on Tuesday, crypto security firm PeckShield revealed the wallet address where the stolen funds had been deposited. The address holds 455 ether as of the time of writing.
  • Because the users have to be the ones to remove the approvals, there isn't much Multichain can do, PeckShield told CoinDesk in a Twitter message.
  • Multichain, formerly Anyswap, is a cross-chain bridge which raised $60 million in December in a seed funding round that was led by Binance Labs.

Read more about
The Festival for the Decentralized World
Thursday - Sunday, June 9-12, 2022
Austin, Texas
Save a Seat Now

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Eliza Gkritsi is CoinDesk's crypto mining reporter based in Asia.

CoinDesk - Unknown

Eliza Gkritsi is CoinDesk's crypto mining reporter based in Asia.

Trending

1
CoinDesk - Unknown
After Armstrong Tweet, India's Crypto Policy Body Says No Contempt of Court Challenge vs. RBI

The Coinbase CEO last month suggested the RBI's "shadow ban" of crypto exchanges violated a Supreme Court ruling.

The Coinbase CEO last month suggested the RBI's "shadow ban" of crypto exchanges violated a Supreme Court ruling.

CoinDesk - Unknown
2
CoinDesk - Unknown
Portuguese Congress Rejects Two Bills Seeking to Tax Crypto

The proposals were submitted by two leftist parties. The government, which also seeks to apply taxes, hasn’t submitted a proposal so far.

The proposals were submitted by two leftist parties. The government, which also seeks to apply taxes, hasn’t submitted a proposal so far.

CoinDesk - Unknown
3
CoinDesk - Unknown
First Mover Asia: Regulatory Attention on Terra Could Change South Korean Trading Environment; Bitcoin Goes Sideways

The founders of two prominent crypto-related organizations said tightened restrictions could make it difficult for foreign tokens to list on Korean exchanges, discouraging projects from trying.

The founders of two prominent crypto-related organizations said tightened restrictions could make it difficult for foreign tokens to list on Korean exchanges, discouraging projects from trying.

CoinDesk - Unknown
4
CoinDesk - Unknown
A16z Doubles Down on Crypto Investments Despite Market Downturn, and NFL Launches Play-to-Earn NFT Game

The most valuable crypto stories for Wednesday, May 25, 2022.

The most valuable crypto stories for Wednesday, May 25, 2022.

CoinDesk - Unknown