Multichain hackers restored 322 ETH ($ 974,000) to the cross-chain router protocol and one of the impacted users.
However, the hacker kept 62 ETH (worth USD 187,000) as a “bug bounty,” and a total of 528 ETH (worth $1.6M) remained unclaimed following the attacks.
Earlier this week, news broke of a multichain security flaw involving the coins WETH, PERI, OMT, WBNB, MATIC, and AVAX, and $1.43 million was stolen. On January 17, Multichain claimed that the critical vulnerability had been “reported and resolved.”
However, exposure of the vulnerability allegedly spurred a number of other attackers to rush in, resulting in the theft of more than $3 million in money. The key vulnerability in the six coins remains, but Multichain has diverted around $44.5 million from several chain bridges to secure them.
One of the hackers, identifying himself as a “white hat,” has been in contact with both Multichain and a user who lost USD 960,000 in the last day or two, attempting to negotiate the recovery of 80 per cent of the money in exchange for a substantial finder’s fee.
According to Tal Be’ery, co-founder of ZenGo wallet, in a Jan. 20 tweet, the hacker claimed they had been “protecting the remainder” of the Multichain users who were being targeted by bots in an act of defensive hacking.
The money was repaid in four separate transactions. On January 20, the hacker returned 269 ETH ($813,000) in two transactions to the individual from whom he stole it, while keeping a bug bounty of 50 ETH ($150,000).
Overnight, the hacker also remitted 50 ETH ($150,000) to the official Multichain address in two transactions, while keeping a bug bounty of 12 ETH ($36,000).
In a tweet on January 20, Multichain Co-Founder and CEO Zhaojun admitted that Multichain bridge contracts require a stop mechanism to deal with such events in the future.