Multichain Says $1.4M in Ether Siphoned From Users Who Failed to Update Approvals

The cross-chain bridge urged users to remove approvals for six tokens after it was alerted to a security flaw.

AccessTimeIconJan 18, 2022 at 11:14 a.m. UTC
Updated Jan 18, 2022 at 5:00 p.m. UTC

Eliza Gkritsi is CoinDesk's crypto mining reporter based in Asia.

Multichain users who didn't update their approvals as instructed yesterday have been exploited and have lost 445 wrapped ether ($1.4 million), the project tweeted on Tuesday.

  • On Monday, Multichain instructed its users to remove approvals for six tokens and said otherwise their assets would be exposed to a security vulnerability. The tokens in question were WETH, PERI, OMT, WBNB, MATIC and AVAX.
  • Decentralized finance security firm Dedaub first found the flaw, which Multichain said it had fixed.
  • Later on Tuesday, crypto security firm PeckShield revealed the wallet address where the stolen funds had been deposited. The address holds 455 ether as of the time of writing.
  • Because the users have to be the ones to remove the approvals, there isn't much Multichain can do, PeckShield told CoinDesk in a Twitter message.
  • Multichain, formerly Anyswap, is a cross-chain bridge which raised $60 million in December in a seed funding round that was led by Binance Labs.

Read more about

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Eliza Gkritsi is CoinDesk's crypto mining reporter based in Asia.

CoinDesk - Unknown

Eliza Gkritsi is CoinDesk's crypto mining reporter based in Asia.