This week, the Multichain hacker returned 322 ether (ETH) ($ 974,000 at the time of writing) to the router protocol across chains and one of the affected users.
However, the hacker kept 62 ETH ($ 187,000) as a “fault finding prize”, while 528 ETH ($ 1.6 million) remained after the exploits.
Earlier this week, there was news of a security vulnerability in Multichain related to Wrapped Ether (wETH), Peri Finance (PERI), Mars Token (OMT), Wrapped Binance Coin (wBNB), Polygon (MATIC) and Avalanche (AVAX) and It $ 1.43 million was stolen. On Monday, Multichain announced that the vulnerability had been “reported and fixed.”
However, the publicity about the vulnerability has caused a number of different attackers to attack, and more than $ 3 million was stolen. The critical vulnerability in six tokens is still present, but Multichain has withdrawn around $ 44.5 million in funds from multi-chain bridges to protect it.
A hacker calling himself a “white hat” contacted both Multichain and a user who lost $ 960,000 in the last day or so to negotiate an 80% refund for a hefty data recovery fee. .
According to a tweet on Thursday from ZenGo wallet co-founder Tal Berry, the hacker claimed that they “saved the rest” of Multichain users who were targeted by a botnet to protect themselves against the hack.
The money was returned in four transactions. On Thursday, the hacker returned 269 Ethereum ($ 813,000) in two transactions directly to the user who stole them from him and retained an error reward of 50 ETH ($ 150,000).
Satisfied response from a user to a hacker:
Well, thank you for being honest.
During the night, the hacker also returned 50 ETH ($ 150,000) in two transactions to the official Multichain address and retained the 12 ETH ($ 36,000) error prize.
Related: Multichain asks users to withdraw approval due to “serious loophole”
Multichain (formerly Anyswap) aims to be “the ideal router for Web3”. The platform currently supports 30 chains, including Bitcoin, Ethereum, Avalanche, Litecoin, Terra and Fantom.
In a tweet Thursday, Multichain co-founder and CEO Zhaojun acknowledged that Multichain Bridge contracts need a pause function to handle similar incidents in the future.
Cointelegraph contacted the project for comment.