Share this article
Multichain Says $1.4M in Ether Siphoned From Users Who Failed to Update Approvals
The cross-chain bridge urged users to remove approvals for six tokens after it was alerted to a security flaw.
Updated May 11, 2023, 3:40 p.m. Published Jan 18, 2022, 11:14 a.m. 1 min read
Multichain users who didn't update their approvals as instructed yesterday have been exploited and have lost 445 wrapped ether ($1.4 million), the project tweeted on Tuesday.
- On Monday, Multichain instructed its users to remove approvals for six tokens and said otherwise their assets would be exposed to a security vulnerability. The tokens in question were WETH, PERI, OMT, WBNB, MATIC and AVAX.
- Decentralized finance security firm Dedaub first found the flaw, which Multichain said it had fixed.
- Later on Tuesday, crypto security firm PeckShield revealed the wallet address where the stolen funds had been deposited. The address holds 455 ether as of the time of writing.
- Because the users have to be the ones to remove the approvals, there isn't much Multichain can do, PeckShield told CoinDesk in a Twitter message.
- Multichain, formerly Anyswap, is a cross-chain bridge which raised $60 million in December in a seed funding round that was led by Binance Labs.
Read more: Anyswap Rebrands to Multichain, Raises $60M Led by Binance Labs
More For You
A draft XRPL amendment notes that flash loan attacks are "structurally impossible" on the network because of how its transactions are built, an architectural quirk that has spared the chain from the exploit class that has cost Ethereum DeFi billions.
What to know:
- Recent DeFi exploits on protocols like Thorchain, Drift and KelpDAO have relied on flash loans, a mechanism that does not exist on the XRP Ledger.
- Because XRPL transactions are atomic and cannot include composable intra-transaction calls, flash loan attacks are structurally impossible on the network.
- As XRPL pursues AMM upgrades...
Top Stories
