Cybersecurity firm Beosin is warning potential victims of the unconfirmed attack on the Multichain cross-chain router protocol to beware of scammers impersonating the platform and offering refunds.
"The scammers are posting phishing links in the reply section in the recent MultichainOrg exploit," Beosin’s team informed the Twitter community today, disclosing the phishing website and the address of the scammer. According to Beosin, the scammer has already received around $44,000 from Multichain users seeking refunds.
It appears that malicious actors are targeting victims of the possible Multichain exploit. At press time, there was no confirmation of the exploit, but many onchain sleuths as well as the Multichain team itself feared such a possibility based on recent unusual withdrawal activity.
Read also: CertiK Report: $100 million Atomic Wallet hack is the largest in Q2 2023
Yesterday, blockchain observers detected a massive outflow of funds, including the transfer of Wrapped Ether, Wrapped Bitcoin, and US Dollar Coin worth nearly $102 million from the Fantom bridge’s Ethereum smart contract, as well as $666,000 withdrawal from Dogechain and almost $6 million from Moonriver.
Today, another Web3 cybersecurity firm, PeckShield, reported an update on the withdrawals, claiming that the total had reached $126 million. PeckShield also mentioned the movement of tokens such as DAI, LINK and USDT.
Meanwhile, Danielle Sesta of multichain optimization yield platform Popsicle Finance announced that his team burned 1.3 million ICE tokens worth about $1.85 million that were transferred to the exploiter's address.
Read also: Kid scammers steal millions and spend them on Roblox
"We contacted all the parties and protocols involved, nobody had any information that was satisfying to us. To leave nothing to chance, we have decided to burn the ICE tokens that were in the multichain-affected wallet," Daniele tweeted yesterday, adding that the team behind Popsicle Finance had made such a decision because "the whole cycle of DEFI started with Popsicle Finance with an airdrop on Fantom."
Now the team is in the process of "airdropping the burned $ICE tokens in the form of WAGMI to Fantom Multichain users."
While scammers are already luring potential victims of the incident, Multichain itself has not yet confirmed the exploit. However, its team has admitted the abnormal withdrawal activity.
"The lockup assets on the Multichain MPC address have been moved to an unknown address abnormally. The team is not sure what happened and is currently investigating," Multichain announced on Twitter today, asking users to "suspend the use of Multichain services and revoke all contract approvals related to Multichain."
The information about fake refunds is posted in the same thread on Twitter, which can make it quite difficult for Multichain users to distinguish a scam attempt from a genuine refund announcement.
Read also: Total losses from hacks drop fourfold compared to 2022
"All users are suggested to claim their refund and revoke app approvals to Multichain immediately. A temporary compensation disbursement has been allocated due to the negative market sediment," scammers urge protocol to claim their refunds through a phishing website.
Another post from scammers impersonating the Multuchain team suggests that the platform has already officially confirmed the hack, "We are sorry. We are refunding. Everyone. We got recently hacked and many user funds were taken with it. As a responsible company, Multichain is going to personally refund all lost user funds. Click below to apply."
While many crypto users were rather disappointed by this incident, posts about refunds are filled with excited comments that may also be fake.
The recent incident was not the only security issue with Multichain. In 2022, its users lost nearly $3 million worth of MATIC, AVAX, PERI, WETH, WBNB, and OMT worth $3 million due to the exploit of a security vulnerability.
In the past, Multichain was severely criticized for its ambiguous messages regarding the exploit, which confused the victims of the hack and cybersecurity and Web3 analytics firms. Notably, Multichain’s team claimed that the stolen funds were both safe and unsafe at the same time.
Given the recent exploit, many in the crypto community were surprised that the platform still has so many users.