Cross-chain protocol Multichain bug gets exploited for $1.34 million

Quick Take

  • A bug in cross-chain protocol Multichain has been exploited for $1.34 million, according to researchers.
  • While the bug had already been fixed for new users, past users needed to take action to prevent themselves from being affected.

Cross-chain protocol Multichain (previously known as Anyswap) has been exploited for $1.34 million — according to security researchers PeckShield. This occured through a bug that the platform had recently dislosed.

On January 17, Multichain revealed that it had found a critical vulnerability and had fixed it. It said that the bug affected six tokens, including wrapped ether (WETH).

But the problem is that the protocol couldn't fix the bug from affecting past users who had interacted with the protocol. Instead, this required users to manually go to their wallets and revoke permissions that they had previously given to the protocol. Multichain said that these users should do this immediately otherwise their assets would remain at risk.

It appears that many users have not done so and the bug is now being exploited.

"Someone is exploiting this literally *right now*. If you haven't revoked approvals yet you should probably do so before it's too late," tweeted a Paradigm researcher known as Samczsun.

Following the publication of this story, Multichain confirmed that the bug is being exploited and reiterated that users need to revoke approvals to keep their funds safe.

Multichain is the largest cross-chain swap protocol, looking after $8.3 billion in its smart contracts. It runs across 10 blockchains and supports 1,366 tokens. (For a detailed primer on how cross-chain swaps work, see here.)

PeckShield identified that the funds have been transferred to a single blockchain address.


© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

AUTHOR

Tim is the Editor-In-Chief of The Block. He writes about the evolution of crypto technology and the people who are at the forefront of it. He provided exclusive, source-based insights into the launches of the Bitcoin and Ethereum ETFs, crypto sales by the FTX Estate and the Trump-linked World Liberty Financial project. Prior to joining The Block, Tim was a news editor at Decrypt. He earned a bachelor's degree in philosophy from the University of York and studied news journalism at Press Association Training. Follow him on X @Timccopeland.

See More
Connect on

WHO WE ARE

The Block is a news provider that strives to be the first and final word on digital assets news, research, and data.

+ Follow us on Google News
Connect with the block on