In a dramatic twist, one of this week’s Multichain hackers has returned 322 Ether (ETH) ($974,000 at the time of writing) to the cross-chain router protocol and one of the affected users.
However, the hacker kept 62 ETH ($187,000) as a “bug bounty,” while a total of 528 ETH (worth $1.6M) remains outstanding after the exploits.
Earlier this week, news emerged of a security vulnerability with Multichain relating to Wrapped Ether (wETH), Peri Finance (PERI), Mars Token (OMT), Wrapped Binance Coin (wBNB), Polygon (MATIC) and Avalanche (AVAX), and $1.43 million was stolen. Multichain announced on Monday the critical vulnerability had been “reported and fixed.”
However, publicity about the vulnerability reportedly encouraged a number of different attackers to swoop in, and more than $3 million in funds were stolen. The critical vulnerability in the six tokens still exists, but Multichain has drained around $44.5 million of funds from multiple chain bridges to protect them.
One of the hackers, calling himself a “white hat,” has been in communication with both Multichain and a user who lost $960,000 in the past day or so to negotiate the return of 80% of the money in exchange for a hefty finder’s fee.
According to a Thursday tweet from ZenGo wallet co-founder Tal Be’ery, the hacker claimed they had been “saving the rest” of the Multichain users who were being targeted by bots in an act of defensive hacking.
The funds were returned across four transactions. On Thursday, the hacker returned 269 ETH ($813,000) in two transactions directly to the user from whom he stole it and kept a bug bounty of 50 ETH ($150,000).
The relieved user responded to the hacker:
“Well received, thank you for your honesty.”
Overnight, the hacker also returned 50 ETH ($150,000) in two transactions to the official Multichain address and kept a bug bounty of 12 ETH ($36,000).
Multichain (formerly Anyswap) aims to be the “ultimate router for Web3.” The platform supports 30 chains at the moment, including Bitcoin, Ethereum, Avalanche, Litecoin, Terra and Fantom.
In a tweet on Thursday, Multichain co-founder and CEO Zhaojun conceded that Multichain bridge contracts need a pause function to deal with similar incidents in future..
Cointelegraph has contacted the project for comment.