Wednesday, September 27

DeFi project has error that allows theft of ETH, BNB and MATIC from whoever has the token | Bitcoin Portal

Multichain, a cross-chain protocol that allows communication between tokens from different blockchains over DeFi, has found a critical vulnerability in its code that affects MATIC, AVAX, PERI, OMT tokens, as well as synthetic versions of Ethereum. and Binance Coin (wETH and wBNB).

The flaw was identified by analysts at security firm Dedaub and fixed by Multichain, but that doesn’t mean users’ funds are safe.

the project team informed on its blog this Monday (17) that users who have interacted with the six cryptocurrencies previously through their protocol, should act urgently so as not to lose their funds.

“If you have ever approved any of these 6 tokens on the Router (WETH, PERI, OMT, WBNB, MATIC, AVAX), log in to to remove any approvals from the 6 tokens ASAP. Otherwise, your assets will be at risk.”

Despite the warning, not all users were able to act in time. In the early hours of this Tuesday (18), the Multichain team communicated on Twitter that hackers managed to exploit the wallet of users who had not yet revoked the permissions of the affected tokens and managed to steal 445 wETH. At the current price of $1,157 for ether, the stolen amount is equivalent to $1.4 million.

It is not possible to know if there are still funds that could be stolen if the flaw continues to be exploited. Multichain said it will only release the technical details about the vulnerability in the future.

Meanwhile, the project has ensured that all cross-chain transactions can be done safely by investors who have already revoked permissions on the six affected tokens.

The history of Multichain attacks

This is not the first time that the protocol — which in the past was called Anyswap — has encountered a problem with its smart contracts. In July 2021, Anyswap’s Prototype Router V3 was explored.

At the time, hackers managed to steal 2.3 million USDC and 5.5 million MIM from liquidity pools, amounts that at quotes at the time were equivalent to US$ 7.9 million.

The project reimbursed all community members who were affected by the attack and promised to improve the security of their contracts so that a similar incident would not happen again.

As seen in today’s case, Multichain still faces some technical challenges, even though it is a widely used service in the industry.

According to data from DeFi Calls, Multichain is currently among the top ten DeFi protocols on the market, with a total locked value (TVL) of $8.1 billion.

A few weeks ago, Binance Labs — the exchange’s venture capital arm — led a US$60 million contribution to Multichain, money that would be used to increase the team focused on improving the project’s crypto algorithm and performing security audits.