Multichain Hacker Returns 322 ETH, Keeps 62 ETH as ‘Bug Bounty’

Huge Re-entrancy Attack: $80 Million Stolen from Rari Fuse Pool
  • Multichain claimed the critical vulnerability had been “reported and fixed.”
  • The money was returned in four separate payments.

Over the week, Multichain users lost more than $3M due to a security flaw in six tokens. More than 527 Ethereum is still untraceable even after the recovery of 322 Ethereum, which the white-hat hacker returned. One of this week’s Multichain hackers has remitted 322 ETH ($974,000) to the cross-chain routing protocol and one of the victims. As a “bug bounty,” the hacker pocketed 62 Ethereum ($187,000), while 528 Ethereum ($1.6M) remained unclaimed after the vulnerabilities.

Vulnerabilities of Six Coins

The theft of $1.43 million in WETH, PERI, OMT, WBNB, MATIC, and AVAX tokens was reported earlier this week due to a Multichain security flaw. On January 17, Multichain claimed that the critical vulnerability had been “reported and fixed.” However, due to the vulnerability’s public disclosure, many attackers pounced, stealing more than $3 million. Multichain has spent $44.5 million draining cash from numerous chain bridges to prevent severe vulnerabilities of the six coins.

Hackers calling themselves “white hat” have reached out to both Multichain and a user who lost $960,000 in the last day or two in an attempt to recover 80 percent of the money in exchange for a large finder’s fee. On January 20, Tal Be’ery, a co-founder of ZenGo wallet, posted a tweet claiming that the hacker had saved the rest of Multichain users from being attacked by bots through the act of defensive hacking.

The money was returned in four separate payments. The hacker returned 269 ETH ($813,000) to the individual he took it from in two transactions and pocketed the bug reward of $50,000 on January 20.

Content writer by profession. A crypto lover and has passion for writing. Follows the developments of digital currency right from its launch, years ago.