After a month-long fight against an ongoing exploit, cross-chain router protocol Multichain announced the recovery of nearly 50% of the total stolen funds, worth nearly $2.6 million in cryptocurrencies. The team has also released a compensation plan to reimburse users’ losses.
On Jan. 10, blockchain security expert Dedaub alerted Multichain about two vulnerabilities in its liquidity pool and router contracts — affecting eight cryptocurrencies including wrapped ETH (WETH), wrapped BNB (WBNB), Polygon (MATIC) and Avalanche (AVAX).
1/3 We recently identified the "phantom functions" code pattern, which would have led to likely the largest crypto hack ever.— Dedaub (@dedaub) January 27, 2022
Your code may be vulnerable! You need to check for the pattern in your Solidity/EVM code! https://t.co/pxRqCQFbnS
A week later, on Jan. 18, the Multichain team advised users to revoke approvals for the vulnerable smart contracts as a means of immediate damage control. However, as Cointelegraph reported, the warning announcement encouraged more hackers to try the exploit, resulting in losses exceeding $3 million.
The @MultichainOrg hack is far from being over.— Tal Be'ery (@TalBeerySec) January 19, 2022
Over the last hours more than additional $1M stolen, rising the total stolen amount to $3M.
One victim lost $960K!https://t.co/fYhYxUojB8 pic.twitter.com/Gvh5hB6t6s
According to Multichain, the vulnerability of the liquidity pool was fixed by upgrading the affected tokens’ liquidity to new contracts, adding:
“However, the risk remains for the users who have yet to revoke approvals for the affected router contracts. Importantly, users themselves have to be the ones to revoke the approvals.”
As of Feb. 18, Multichain reported that 4,861 out of the 7,962 affected users have revoked approvals and advised the remaining 3,101 addresses to take action as soon as possible. Of the stolen 1,889.6612 WETH and 833.4191 AVAX, the team was able to recover 912.7984 WETH and 125 AVAX (worth nearly $2.55 million and $10,000 respectively).
“However, in spite of our best efforts, a total of 976.8628 WETH has been stolen,” confirmed Multichain. To be eligible for compensation through reimbursement of losses, Multichain has asked users to revoked their approval and submit a ticket on the website. “As such, we will no longer reimburse any losses that happen after Feb. 18 24:00 UTC.”
Netflix will soon produce and launch a documentary series circled around a New York-based couple and their involvement in laundering Bitcoin (BTC) linked to the Bitfinex hack.
As Cointelegraph reported, the documentary will be directed by American filmmaker Chris Smith, with Nick Bilton as the co-executive producer. The announcement reads:
“Netflix has ordered a documentary series about a married couple’s alleged scheme to launder billions of dollars worth of stolen cryptocurrency in the biggest criminal financial crime case in history.”