Inter-Chain Protocol Multi-Chain Burst Vulnerability! Ask the user to cancel the signed agreement at 6 tokens

币圈子 view 25946 2022-1-19 10:52
share to
Scan QR code with WeChat

跨链协议MultiChain爆漏洞!呼吁用户撤销6种代币的签名授权

The well-known Cross-Chain Router Protocol (CRP) MultiChain, formerly known as Anyswap Decentralized Cross-Chain Exchange, aims to enable multiple blockchain networks including ETHereum (ETH), Binance Smart Chain (BSC), Avalanche, etc - Patrimonial interactions. In December last year, he changed his name to Multichain, and at the same time closed a $60 million financial round led by Binance, with a net worth of $1.2 billion. Currently, the total fixed value (TVL) of devices is over $8 billion, including over 1,300 tokens from 10 blockchains, and over 300,000 users.

MultiChain announced today (18) that crypto security firm Dedaub announced the significant impact of the process on 6-chain systems including Wrapped Ethereum (WETH), PERI Financial (PERI), Mars Token (OMT) and Wrapped Binance Coins (WBNB). Reported negative. , polygon (MATIC), avalanche (AVAX).

Although many chains have fixed the drawbacks, in order to reduce the risk of hacking, users who have approved the above tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX) on multiple routers will have access to them. the 6 tokens concerned immediately on the platform. Removing the signature from the wallet allows otherwise your assets could be at risk.

The team said that all assets of the current V2 bridge and V3 router are secure and all network connections can be optimized. And repeat that only the user who approved the above 6 tokens should cancel the agreement, and no other user should do so.

How to remove?

1. If you have approved any of the 6 tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX) (i.e. you need to revoke your license), your choice will depend on your previous agreement. For example, if you have approved contracts for WBNB and AVAX, go to https://app.multichain.org/#/approvals and you will see the BSC and AVAX options.

跨链协议MultiChain爆漏洞!呼吁用户撤销6种代币的签名授权

2. If you are not connected to BSC/Avalanche network, you need to click Switch to BSC or Switch to Avalanche Switch Networks. This will display the Cancel button. Click Cancel.

跨链协议MultiChain爆漏洞!呼吁用户撤销6种代币的签名授权

3. When the MetaMask window appears, click "OK".

4. Wait for a few seconds and a "BNB Authorization" message will appear in the upper right corner, indicating that you have disabled WBNB authorization.

5. Besides BSC's WBNB, this AVAX Avalanche deal should also be revoked. Switch to the Avalanche Network to cancel. The procedure is the same as for WBNB.

6. To verify that the deletion authorization is complete, repeat the page after completing the deletion authorization. When the website says No Requirements, the removal process is complete.

There is a lot of skepticism about the risk of cross strings.

In fact, this is not the first time that many channels have had this problem. Magic InternetMoney (MIM) token.

At the risk of crossing over, Ethereum founder Vitalik Buterin (later Buterin) recently announced his thoughts on Twitter on the 7th. The reason the cross-chain ecosystem is hard to establish is that the security and integrity of multiple blockchains cannot be synchronized. And chain link combinations can spread well when small blockchains are attacked (because blockchains only read data from bridges and not other blockchains).

Last October, public broadcaster Polygon discovered flaws in the Polygon Plasma Bridge, which could cost them $850 million. Luckily, the white supremacist saw it immediately and announced it on the smart bug contract platform Immunefi, so Polygon was able to fix the bug before any issues arose. The white hat hacker received $2 million in currency, which also set the record for the highest profit in the cryptocurrency world.

btcfans公众号

Scan QR code with WeChat

Disclaimer:

Previous: Happy Reading: Creating a Future for Ethereum Next: Buterin confirmed that EIP-1559 reduced conversion time. Polygon Mainnet Update

Related