⚠️Again, a reminder to the users who have ever approved the contracts of $WETH $PERI $OMT $WBNB $MATIC $AVAX on #Multichain, please log into app.multichain.org/#/approvals to remove the approvals as instructed (medium.com/multichainorg/)
Read FAQ for more 👉 link.medium.com/l3K7tUGpWmb
Conversation
1 The reported vulnerability remains critical for the old users who had approved the six tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX) in their addresses.
We strongly urge these users to revoke their approvals immediately before sending any of these 6 tokens to their wallets again
1
4
15
Otherwise, these six tokens in your address is always at risk, risk will be eliminated instantly upon revoking approvals.
1
6
2 The old contracts with vulnerability is ditched and new contracts are developed with the vulnerability fixed which will be launched later.
1
7
3 Multichain’s other token contracts are proven safe, users can continue to use Multichain bridges with guaranteed safety.
1
1
11
🎯Actions we’ve taken:
1. Dev team keeps 24/7 tracking the hack and monitoring the affected users’ assets and all the other funds
2. Alert announcements and updates on all social channels
3. Reach and notify all the affected users through different platforms
1
19
4. Send onchain alert message to affected addresses
5. Alert banners go live at Etherscan, Polygonscan, BSCscan
6. 24/7 support service at our Help Center (submit ticket: https://
multichain.zendesk.com/hc/en-us)
1
1
14
📢Update
According to the tracking data, one whitehat hacker has returned 259 ETH (etherscan.io/address/0xfa27). At this moment, a total of 602.693538 ETH is exploited. We are trying to get more funds back.
1
9
39
For the users affected by the exploit, pls submit a ticket to our support center via multichain.zendesk.com/hc/en-us/reque
1
10
🔻Details on the three hackers
Hacker1 address:
etherscan.io/address/0x4986
Hacker1 contract1: etherscan.io/address/0x7e01
Hacker1 contract2: etherscan.io/address/0xb4f8
1
3
4
Whitehat hacker2 address1: etherscan.io/address/0xfa27
Whitehat hacker2 address2: etherscan.io/address/0x123e
Hacker2 contract: etherscan.io/address/0xb5c8
Hacker 3 address:
etherscan.io/address/0xd374
More details will be released
1
4
18
🚨Action Required:
For your funds safety, pls click on the link below and Control+F to check if your address needs revoking. If so, pls login app.multichain.org/#/approvals to revoke the approvals asap
1
10
34
Shout out to @0xlosha for protecting 125AVAX, we will return to users accordingly. Many thanks
1
5
13
As of Jan 28
1. 3735 addresses have revoked as instructed (total affected addresses:7962), while 4227 addresses still need to take action.
1
2
4
2. 941 ETH has been exploited. 901 ETH has been saved by the joint efforts of whitehats and Multichain.
1
7
24
3. Received support from , , , , , many thanks for the help
1
8
50
As of Feb 7
1. 4504 addresses have revoked as instructed (total affected addresses 7962). The remaining 3458 address holders still need to take action immediately.
2. A total of 1862ETH has been exploited (1842ETH Feb 6), from which 901ETH has been protected.
1
4
14
📢Update
Tether has frozen an Ethereum hacker address holding over $715,000 worth of USDT. This address was involved with Multichain exploitation with a total of 45.4527 ETH. We are working with Tether to trace more exploiter addresses.
1
4
29
Here's a shout out to for being a part of the battle against hackers from the beginning and protecting 18.89 ETH. Many thanks!
3
15