Multichain, a cross-chain DeFi platform, is the most recent in a long line of DeFi protocols that have been abused. This time, the attackers were able to take customer funds from the site by acquiring access to accounts that had not been revoked from the platform. In total, almost $1.5 million was stolen by hackers; however, one hacker who took approximately $200,000 is proposing to repay the majority of the stolen assets.
The Hacker Wants His Money Back
In this example, the hacker, who is now known as a grey hat hacker, successfully stole $200,000 from one of the users who had not terminated access to the site. The hackers were able to carry out the attack by taking advantage of a flaw in the protocol. Multiple wallets have been identified behind the attacks, implying that a single hacker did not steal the cash.
In this example, the hacker has offered to restore 80% of the $200,000 stolen from a user. In a transaction to the person who lost the cash, the hacker described it as a white-hat hacker who asked the user to send the transaction where they lost their Wrapped Ether, and they would send 80 percent back to them keeping 20 percent for the bother.
“Whitehat here, provide me the tx you lost your weth, I give you 80% back,” stated the hacker. “The rest are money-saving techniques for me.”
MultiChain Requests Funding
Although the hacker indicated above pledged to restore the majority of the monies stolen, it was not the only address that took advantage of the block. A total of $1.43 million was stolen from a number of additional addresses on the Multichain protocol. It’s unclear whether the hacker who offered to return some payments was the same individual who was behind all of the addresses.
Multichain followed the lead of most protocols that have recently been exploited and sent a transaction to the hacker with the request that the cash is returned. The hacker has yet to respond to the message, if at all.
The exploit was first made public by the protocol on January 17th, the same day as the Crypto.com breach. According to The Block, a single user lost nearly $1 million in the hack and has now promised the hacker a $156,000 gratuity if they return their funds.