The prominent cross-chain router protocol (CRP) MultiChain, formerly known as the decentralized exchange Anyswap, enables interoperability of on-chain assets across multiple blockchain networks including Ethereum (ETH), Binance Smart Chain (BSC), and Avalanche. After rebranding to MultiChain in December and securing $60 million in funding led by Binance, the protocol now boasts a total value locked (TVL) exceeding $8 billion, supporting 1,300+ tokens across 10 blockchains with over 300,000 users.
Critical Vulnerability Affecting 6 Cross-Chain Tokens
On January 18th, MultiChain announced that cybersecurity firm Dedaub discovered a critical vulnerability impacting six wrapped tokens:
– Wrapped Ethereum (WETH)
– PERI Finance (PERI)
– Mars Token (OMT)
– Wrapped Binance Coin (WBNB)
– Polygon (MATIC)
– Avalanche (AVAX)
👉 Protect your crypto assets now by following these security steps immediately.
Immediate Action Required
While the team has patched the vulnerability, users who previously approved any of these tokens on MultiChain’s router must:
1. Revoke wallet signature approvals for all six tokens
2. Complete the process before potential exploit attempts occur
V2 Bridge and V3 router assets remain secure, and regular cross-chain transactions are unaffected. Only users who approved the specified tokens need to take action.
Step-by-Step Approval Revocation Guide
- Access the approval portal: Visit MultiChain’s approval page (requires wallet connection)
- Network selection:
- If not connected to BSC/Avalanche, manually switch networks
- Look for the “Revoke” button corresponding to your approved tokens
- Transaction confirmation:
- MetaMask will prompt for confirmation
- Wait for the “Approve [Token]” success notification
- Verification:
- Refresh the page after revocation
- “No actions needed” confirms successful removal
Cross-Chain Security Concerns
This incident follows MultiChain’s July 2021 exploit (as Anyswap) where hackers stole $3+ million in USDC and MIM tokens through a V3 router vulnerability.
Ethereum founder Vitalik Buterin recently commented on cross-chain risks:
“The future will be multi-chain, not cross-chain… Fundamental security limitations exist when bridging consensus systems.”
Other notable cross-chain incidents include:
| Incident | Chain | Potential Loss | Outcome |
|———-|——-|—————-|———|
| Polygon Plasma Bridge | Polygon | $850 million | Whitehat discovery prevented exploit |
| Anyswap Exploit | MultiChain | $3 million | Funds stolen |
| Wormhole Attack | Solana | $325 million | Largest bridge hack to date |
👉 Explore secure crypto solutions to mitigate cross-chain risks.
FAQ: MultiChain Vulnerability Response
Q: Is my crypto safe if I never used MultiChain?
A: Yes, only users who actively approved the six specified tokens are affected.
Q: How long do I have to revoke approvals?
A: Act immediately – vulnerabilities become targets as they become public knowledge.
Q: Can I reuse my wallet after revoking approvals?
A: Absolutely. Revoking only removes specific contract permissions, not wallet functionality.
Q: What’s the difference between V2 and V3 router risks?
A: The vulnerability specifically affected V3 router approvals. V2 Bridge operations were never compromised.
Q: Should I avoid all cross-chain protocols now?
A: While risks exist, many projects implement rigorous audits. Always research protocols before use.
Q: How was this vulnerability discovered?
A: Through routine security audits by Dedaub, a blockchain cybersecurity firm.
Proactive Security Measures
Users should regularly:
1. Audit wallet approvals using tools like Etherscan’s Token Approvals checker
2. Revoke unnecessary contract permissions
3. Monitor official project channels for security updates
4. Consider hardware wallets for large holdings
The crypto community continues developing solutions to cross-chain security challenges, with recent advancements including:
– Zero-knowledge proof verification
– Decentralized oracle networks
– Insurance-backed bridge protocols
Remember: In blockchain security, user vigilance remains the first line of defense against potential exploits.