Cross-chain router protocol Multichain has recovered nearly 50 percent of funds stolen in last month’s hack, amounting to US$2.6 million in cryptocurrencies.
After a month-long fight against the exploit, the Multichain team has also announced a compensation plan for affected users.
On January 10, blockchain security expert Dedaub alerted Multichain to two vulnerabilities in its liquidity pool and router contracts, affecting eight cryptocurrencies including wrapped ETH (WETH), wrapped BNB (WBNB), Polygon (MATIC) and Avalanche (AVAX).
Multichain Enacts Emergency Damage Control
A week later, the Multichain team advised users to revoke approvals for the vulnerable smart contracts as a means of immediate damage control. However, the warning announcement only encouraged more hackers to try the exploit, resulting in losses exceeding US$3 million.
Risk Remains for Users Yet to Revoke Contract Approvals
Multichain advised that the vulnerability of the liquidity pool had been fixed by upgrading the affected tokens’ liquidity to new contracts, but warned: “The risk remains for users who have yet to revoke approvals for the affected router contracts. Importantly, users themselves have to be the ones to revoke the approvals.”
Late last week, Multichain reported that 4,861 of the 7,962 affected users had revoked approvals while advising the remaining 3,101 addresses to take action as soon as possible. Of the 1,889.6612 WETH and 833.4191 AVAX stolen funds, the team was able to recover 912.7984 WETH and 125 AVAX (worth nearly US$2.55 million and $10,000, respectively).
“However, in spite of our best efforts, a total of 976.8628 WETH has been stolen,” confirmed Multichain. To be eligible for compensation through reimbursement of losses, Multichain asked users to submit a ticket on the website by February 18.