Cross-chain router protocol Multichain (formerly Anyswap) urges users to revoke approvals for six tokens to avoid loss due to a “critical vulnerability” that is currently being exploited by malicious individuals.
Users who approved Wrapped ETH (WETH), Peri Finance (PERI), Official Mars Token (OMT), Wrapped BNB (WBNB), Polygon (MATIC) and Avalanche (AVAX) on the Multichain platform are now at risk, experts warn. To avoid loss, the Multichain team advises users to cancel all of the approvals given to the specified tokens so that they can protect their crypto assets.
Multichain published a step-by-step tutorial on how users can easily revoke approvals. In a tweet, the firm also cautioned users not to transfer any of the affected tokens before revoking the approvals.
The vulnerability was first detected by a security firm called Dedaub and was reported to the Multichain team. The problem was then fixed, and Multichain reports that all digital assets on their v2 Bridge and v3 Router are secured.
However, at the moment, hackers are still exploiting the vulnerability to gain access to users’ funds. At the time of writing, Multichain reports that a total of 445 WETH ($1,412,274.25) is affected.
Please revoke your approvals ASAP. Someone is exploiting this. https://t.co/fFGcrjNN0e
— Dedaub (@dedaub) January 18, 2022
Related: DeFi protocol Grim Finance lost $30M in 5x reentrancy hack
Meanwhile, reports show that hacks and scams took over $10.2 billion from users in 2021. However, despite the losses, the community is taking the appropriate measures to adjust. CEO and founder of security Immunefi, Mitchell Amador, recently told Cointelegraph that “Despite the appearance of entirely new vulnerabilities in the on-chain economy, the community is adapting rapidly.” According to Amador, the community is circulating the “best practices” for securing their digital assets.
Aside from Immunefi, many digital asset security firms are watching out for possible hacks, scams and rug pulls. Earlier this month, Certik identified Arbix Finance as a rug pull, warning users to stay away from the project to protect their digital assets.