$5 981 000 USD
DESCRIPTION OF EVENTS
"The Ultimate Router for Web3.0." "Multichain was born as Anyswap on the 20th July 2020 to service the clear needs of different and diverse blockchains to communicate with each other. Each blockchain has its own unique services that it provides, its own community and its own development ecosystem. For our industry to reach the next level for consumers, we need a fast, secure, inexpensive and reliable way to exchange value, data and exercise control between the chains."
"The solutions developed by Multichain allow almost all blockchains to inter-operate. There is no restriction to Ethereum like chains (e.g. Binance Smart Chain), or different Layer 2 chains requiring finality to Ethereum (e.g. Polygon), or a network of Parachains (e.g. Moonbeam in the PolkaDot system), or Bitcoin types of chain (e.g. Litecoin), or COSMOS chains (e.g. Terra). These are either now all integrated, or on course for integration. With support for all ECDSA and EdDSA encrypted chains, Multichain is almost universally applicable as an interoperable layer."
"A critical vulnerability that affected 6 tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX) has been reported and fixed. All assets on both V2 Bridge and V3 Router are safe, and cross-chain transactions can be done safely." "The liquidity for these 6 tokens is fixed now. All assets on both V2 Bridge and V3 Router are safe and all cross-chain transactions can be done safely as usual."
"Only users who had approved the 6 tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX) on Router are required to revoke approvals. For other people, no action is needed." "If you have approved any of the contracts of the 6 tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX), you need to revoke approval(s) and the options will appear according to your past activity. For example, if you had given contract approvals of WBNB and AVAX, you will see both BSC and AVAX buttons."
"Callers should not rely on permit reverting for arbitrary tokens. The call token.permit(...) never reverts for tokens that do not implement permit have a (non-reverting) fallback function. Most notably, WETH — the ERC-20 representation of ETH — is one such token."
"We call this pattern a phantom function— e.g., we say “WETH has a phantom permit” or “permit is a phantom function for the WETH contract”. A contract with a phantom function does not really define the function but accepts any call to it without reverting. On Ethereum, other high-valuation tokens with a phantom permit are BNB and HEX. Native-equivalent tokens on other chains (e.g., WBNB, WAVAX) are likely to also exhibit a phantom permit."
"In the case of AnySwap/MultiChain code, the simplest vulnerable contract" "means that the regular deposit path (function deposit) transfers money from the external caller (msg.sender) to this contract, which needs to have been approved as a spender. This deposit action is always safe, but it lulls clients into a false sense of security: they approve the contract to transfer their money, because they are certain that it will only happen when they initiate the call, i.e., they are the msg.sender."
"The second path to depositing funds, function depositWithPermit, however, allows depositing funds belonging to someone else (target), as long as the permit call succeeds." "The problem in this case is that the WETH token has a phantom permit, so the call to it is a non-failing no-op. Still, this should be fine, right? How can a no-op hurt? The permit did not take place, so no approval/allowance to spend the target’s money should exist."
"All WETH of all such clients can be stolen, by a mere depositWithPermit followed by a withdraw call. (To avoid front-running, an attacker might split these two into different transactions, so that the gain is not immediately apparent.)" "Two separate vulnerabilities are based on the above attack vector. The first was outlined above. The second, on AnySwap router contracts, is a little harder to exploit — requires impersonating a token of a specific kind. We do not illustrate in detail because the purpose of this quick writeup is to inform the community of the attack vector, rather than to illustrate the specifics of an attack."
"Although we have found other instances of the vulnerable code patterns, the contracts currently have very low or zero approvals on Ethereum." "[O]ur best indicators suggest that there is no great exposure outside the AnySwap/Multichain contracts."
"If you have ever approved any of these 6 tokens, [please] log in asap to revoke the approvals, otherwise, your assets are at risk." "Please do not transfer any of these 6 tokens to your wallet before revoking the approvals. The risk will be eliminated instantly upon revoking approvals."
"Many thanks to security firm @dedaub for reporting this vulnerability." They also "scanned the entire Ethereum chain for instances of this threat and warned other projects when applicable." "We have been awarded Multichain’s maximum published bug bounty of $1M for each of the two vulnerability disclosures. (Thank you for the generous recognition of this extraordinary threat!)"
"Current main attacker, already accumulated ~$180K." "Top 10 victims of the #Anyswap #MultiChain hack (out of at least 330) Biggest individual loss: ~$170K (54 Weth)." "Stolen funds are currently held at this address, more than 450 Ether (~$1.34m)"
"As of Jan 28, 3735 addresses have revoked as instructed (total affected addresses:7962), while 4227 addresses still need to take action. 941 ETH ha[d] been exploited. 901 ETH has been saved by the joint efforts of whitehats and Multichain."
"As of Feb 7, 4504 addresses ha[d] revoked as instructed (total affected addresses 7962). The remaining 3458 address holders still need to take action immediately. A total of 1862ETH ha[d] been exploited (1842ETH Feb 6), from which 901ETH has been protected."
"According to the tracking data, one whitehat hacker has returned 259 ETH."
"Shout out to @0xlosha for protecting 125AVAX, we will return to users accordingly. Many thanks."
"Tether has frozen an Ethereum hacker address holding over $715,000 worth of USDT. This address was involved with Multichain exploitation with a total of 45.4527 ETH. We are working with Tether to trace more exploiter addresses."
"Here's a shout out to @BlockSecTeam for being a part of the battle against hackers from the beginning and protecting 18.89 ETH. Many thanks!"
"I've had a ticket open since Jan 18. Can provide id if you want. They keep saying to wait for an announcement for reimbursement of funds. So when will this process start? When will multichain start returning the funds."
"Dev team keeps 24/7 tracking the hack and monitoring the affected users’ assets and all the other funds. Alert announcements and updates on all social channels. Reach and notify all the affected users through different platforms. Send onchain alert message to affected addresses. Alert banners go live at Etherscan, Polygonscan, BSCscan. 24/7 support service at our Help Center."
"The reported vulnerability remains critical for the old users who had approved the six tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX) in their addresses. We strongly urge these users to revoke their approvals immediately before sending any of these 6 tokens to their wallets again." "Otherwise, these six tokens in your address is always at risk, risk will be eliminated instantly upon revoking approvals."
MultiChain (formerly AnySwap) is one of the largest decentralized token swap services around. As part of the trading process, users would grant unlimited approvals to the smart contract. Unfortunately, being human, the developers of the original AnySwap smart contract made a mistake which resulted in risk to tokens. After publicly announcing and later explaining the vulnerability in detail, people's funds started to be stolen. Many users were fast to remove the permissions before hackers could take their funds, however others were too slow and lost their funds. Some have even still kept the permissions active, and are likely to be subject to future loss of any funds they bring into their wallet in the future.
While significant funds have been recovered by white hackers and some centralized exchanges, it appears that attackers have been exploiting the vulnerability to a high degree of success. In total, slightly less than half of the $6m worth of ethereum has been recovered. Much of the remainder has been sent to TornadoCash to be anonymized.
HOW COULD THIS HAVE BEEN PREVENTED?
Turning everyone's wallet into a hot wallet is not a good design from a security standpoint. It is far more secure to keep funds stored offline with no smart contract permissions granted, and most certainly not unlimited permissions. Users could avoid this problem by immediately revoking permissions after trading, or keeping funds they aren't actively trading in a separate cold wallet.
When a vulnerability is found, it makes far more sense to whitehack the funds, than to hope that users will be able to find the information and remove their funds faster than hackers will. Platforms should fund a treasury to be able to assist users from events like this, which would be more capital efficient if multiple platforms create a fund together.
@amanusk_ Twitter (Jun 26)
@Mudit__Gupta Twitter (Jul 20)
Action Required Critical Vulnerability For Six Tokens (Jul 20)
https://multichain.org/ (Jul 21)
Introduction - Multichain (Jul 21)
@TalBeerySec Twitter (Jul 21)
https://etherscan.io/tx/0x550f2aee9e5f5db37edc12a7943817d83c4479cc41f1ee81a8d4f1c60ee18ec6 (Jul 21)
https://etherscan.io/tx/0x45ef59cbcae80cc4f6ebb2caac22863e67367b73e8610ddbeebb36fc5d910b0d (Jul 21)
https://etherscan.io/txs?a=0x4986e9017ea60e7afcd10d844f85c80912c3863c (Jul 21)
https://etherscan.io/address/0xb4f89d6a8c113b4232485568e542e646d93cfab1 (Jul 21)
https://etherscan.io/address/0x7e015972db493d9ba9a30075e397dc57b1a677da (Jul 21)
https://etherscan.io/tx/0xc33f6c406f1172c01d0b987237624f2cbe1021fe721da0d2fb07b31553edb684 (Jul 21)
@PeckShieldAlert Twitter (Jul 21)
https://etherscan.io/address/0xfa2731d0bede684993ab1109db7ecf5bf33e8051 (Jul 21)
https://etherscan.io/address/0xb5c827fdbbee6f6e9df3a5cb499aedf5927de1b8 (Jul 21)
https://coinmarketcap.com/currencies/ethereum/historical-data/ (Dec 20)
@MultichainOrg Twitter (Jul 21)
@jmanjumpman Twitter (Jul 21)
@MultichainOrg Twitter (Jul 21)
@MultichainOrg Twitter (Jul 21)
@dedaub Twitter (Jul 21)
https://media.dedaub.com/phantom-functions-and-the-billion-dollar-no-op-c56f062ae49f (Jul 21)
@MultichainOrg Twitter (Jul 21)
Dedaub: At the forefront of the smart contract security industry (Jul 23)
@MultichainOrg Twitter (Jul 23)