On Jan. 17, the blockchain interoperability network Multichain was hacked. The team announced that a critical vulnerability affected 6 cryptos; WETH, PERI, OMT, WBNB, MATIC, and AVAX. The company mentioned that it fixed the vulnerability, and transactions could be done safely.
Related: Hackers modified dnSpy debugger for hidden crypto mining
However, Multichain urged users to remove approvals for the mentioned tokens. Otherwise, the assets continue to be at risk. To prevent users from losing assets, Multichain asked them not to transfer the 6 tokens before revoking approvals.
Till then, the funds remain at risk. According to the blockchain security and data analytics company, PeckShield, stolen funds were transferred to the address holding 450 Ethers worth around $1.3 million.
One of the hackers, who had taken $200.000 exploiting the bug, offered to return 80% of the assets he took.
Through a blockchain transaction, introducing themselves as whitehat, the hacker said to users that lost WETH, send them the transaction and they would give 80% back. Replying to the hacker, Multichain said it hopes the hackers would return the tokens to a blockchain address they mentioned in the note.
Security research manager, co-founder of crypto wallet ZenGo, Tal Be'ery tweeted that Multichain reached out to the attackers via a transaction, offering them a bounty.