Multichain asks users to revoke approvals amid ‘critical vulnerability’

Published at: Jan. 18, 2022

Cross-chain router protocol Multichain (formerly Anyswap) urges users to revoke approvals for six tokens to avoid loss due to a “critical vulnerability” that is currently being exploited by malicious individuals.

Users who approved WETH, PERI, OMT, WBNB, MATIC and AVAX on the Multichain platform are now at risk, experts warn. To avoid loss, the Multichain team advises users to cancel all of the approvals given to the specified tokens so that they can protect their crypto assets.

Multichain also published a step-by-step tutorial on how users can easily revoke approvals. In a tweet, The firm also advised users not to transfer any of the affected tokens before revoking the approvals.

The vulnerability was first detected by a security firm called Dedaub and was reported to the Multichain team. The problem was then fixed, and Multichain reports that all digital assets their V2 Bridge and V3 Router are secured.

However, at the moment, hackers are still exploiting the vulnerability to gain access to users’ funds. At the time of writing, Multichain reports that a total of 445 WETH ($1,412,274.25) is affected.

Please revoke your approvals ASAP. Someone is exploiting this. https://t.co/fFGcrjNN0e

— Dedaub (@dedaub) January 18, 2022

Related: DeFi protocol Grim Finance lost $30M in 5x reentrancy hack

Meanwhile, reports show that hacks and scams took over $10.2 billion from users in 2021. However, despite the losses, the community is taking the appropriate measures to adjust. CEO and founder of security Immunefi, Mitchell Amador recently told Cointelegraph that “Despite the appearance of entirely new vulnerabilities in the on-chain economy, the community is adapting rapidly.” According to Amador, the community is circulating the “best practices” for securing their digital assets.

Aside from Immunefi, many digital asset security firms are watching out for possible hacks, scams, and rug pulls. Earlier this month, Certik identified Arbix Finance as a rug pull, warning users to stay away from the project to protect their digital assets.

Tags
Related Posts
Jump Crypto replenishes funds from $320M Wormhole hack in largest-ever DeFi 'bailout'
On Thursday, Jump Crypto, a crypto venture capital firm that owns Certus One, the developer of the Wormhole token bridge, announced it had deposited 120 thousand Ether (ETH) into a Solana-Ethereum bridge that suffered a devastating exploit. The day prior, hackers fraudulently minted 120 thousand wrapped Ether (wETH) worth $321 million on the Solana (SOL) platform, then redeemed 93,750 wETH for ETH on the Ethereum network while swapping the rest for other altcoins on the Solana network. The cross-chain ETH-wETH is supposed to have an exchange ratio of 1:1 against one another. Therefore, unauthorized minting of wETH leads to significant …
Technology / Feb. 3, 2022
STEPN impersonators stealing users' seed phrases, warn security experts
Peckshield, a prominent blockchain security firm, exposed the existence of numerous phishing websites for the Web3 lifestyle app STEPN on Monday. Hackers insert a forged MetaMask browser plugin through which they can steal seed phrases from unsuspecting STEPN users, according to Peckshield. When these cybercriminals obtain the seed phrase, they gain complete control over the STEPN user's dashboard where they may connect their stolen wallets to their own or "claim" a giveaway as per Peckshield. #PeckShieldAlert #phishing PeckShield has detected a bath of @Stepnofficial phishing sites. They insert a false Metamask browser extension leading to stealing your seed phrase or …
Adoption / April 25, 2022
Rari Fuze hacker offered $10M bounty by Fei Protocol to return $80M loot
Decentralized finance (DeFi) platform Fei Protocol offered a $10 million bounty to hackers in an attempt to negotiate and retrieve a major chunk of the stolen funds from various Rari Fuse pools worth $79,348,385.61 — nearly $80 million. On Saturday, Fei Protocol informed its investors about an exploit across numerous Rari Capital Fuse pools while requesting the hackers to return the stolen funds against a $10 million bounty and a “no questions asked” commitment. We are aware of an exploit on various Rari Fuse pools. We have identified the root cause and paused all borrowing to mitigate further damage. To …
Blockchain / May 1, 2022
DeFi exploits and access control hacks cost crypto investors billions in 2022: Report
Cyber criminals used a variety of novel ways to carry out hacks and exploits in 2022, with over $2.8 billion of cryptocurrency stolen last year. According to a report from CoinGecko using data sourced from DeFiYield’s REKT Database, nearly half of the total crypto stolen in 2022 was fleeced using diverse methods. This includes bypassing verification processes, market manipulation, ‘crowd looting’ as well as smart contract and bridge exploits. The biggest hack of 2022 was carried out through an access control hack. Sky Mavis, the developer behind popular game Axie Infinity, saw its Ronin bridge hacked in March 2022, leading …
Blockchain / Feb. 13, 2023
Hope Finance exploit results in $2M stolen from users' funds
Prospective users of an Arbitrum-based decentralized finance (DeFi) project have been left out of pocket following a $2 million exploit. Web3 security firm CertiK flagged the incident on Feb. 21, following an announcement from the Hope Finance Twitter account notifying users that they had been scammed. #CommunityAlert @hope_fin have announced the community has been scammed for ~$2m making this the largest #exitscam on Arbitrum in 2023. $1.86m was transferred to @TornadoCash. Hope_fin have posted steps for user's to withdraw their staked LPhttps://t.co/hJbFXiKujt — CertiK Alert (@CertiKAlert) February 21, 2023 Details of the project are difficult to come by. The platform’s …
Blockchain / Feb. 21, 2023