Multichain Bug: Critical Vulnerability for 6 Tokens, Including MATIC and AVAX
A critical vulnerability that affected 6 cross-chain tokens was reported by security firm Dedaub.
If you have ever approved any of these 6 tokens on the Router (WETH, PERI, OMT, WBNB, MATIC, AVAX), please log in to https://app.multichain.org/#/approvals and remove any approvals of the 6 tokens as soon as possible. Otherwise, your assets will be at risk.
All assets on both V2 Bridge and V3 Router are safe. All cross-chain transactions can be done safely as usual.
Who needs to revoke approvals?
Only users who have approved any of the 6 tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX) on the Router are required to revoke approvals.
How to revoke approvals?
- If you have approved any of the contracts of the 6 tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX), you need to revoke the approval(s). The options shown depend on your past activity. For example, if you had given contract approvals for WBNB and AVAX, you will see both BSC and AVAX buttons when you log in to https://app.multichain.org/#/approvals
- If the BSC/Avalanche network is not connected, switch networks by clicking on ‘Switch to BSC’ or ‘Switch to Avalanche’. A revoke button will then appear. Please click on ‘Revoke’.
- A MetaMask window will then pop up. Please click on the ‘Confirm’ button.
- Wait a few seconds and the notification ‘Approve BNB’ will appear in the top right corner, which means you have revoked the WBNB approval.
- In addition to WBNB on BSC, you still need to revoke the approval of AVAX on Avalanche in this scenario. Please switch to the Avalanche network to revoke. The process is the same as for WBNB.
How to check the status of removal?
To double-check, refresh the page once you have removed the approval(s). If the webpage shows ‘No actions needed’ as in the following screenshot, your removal process is complete.
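To confirm a revocation independently of the web page, the allowance can be read directly from the token contract on each chain. The following is an added example, not code from Multichain or Dedaub: it builds the standard ERC-20 `allowance(owner, spender)` query and the `approve(spender, 0)` calldata that a standard ERC-20 revoke consists of. All addresses and RPC responses in it are constructed placeholders, and the function names are hypothetical.

```python
import json

# Standard ERC-20 selectors (first 4 bytes of keccak256 of the signature).
SEL_ALLOWANCE = "dd62ed3e"  # allowance(address,address)
SEL_APPROVE = "095ea7b3"    # approve(address,uint256)

# Constructed placeholders: substitute the real token, wallet and Router addresses.
TOKEN = "0x" + "11" * 20
OWNER = "0x" + "22" * 20
ROUTER = "0x" + "33" * 20

def _addr_word(addr):
    """Left-pad a 20-byte hex address to one 32-byte ABI word."""
    h = addr.lower()
    h = h[2:] if h.startswith("0x") else h
    if len(h) != 40 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return h.rjust(64, "0")

def allowance_call(token, owner, spender):
    """JSON-RPC eth_call body that reads allowance(owner, spender) on token."""
    data = "0x" + SEL_ALLOWANCE + _addr_word(owner) + _addr_word(spender)
    return {"jsonrpc": "2.0", "id": 1, "method": "eth_call",
            "params": [{"to": token, "data": data}, "latest"]}

def decode_allowance(result_hex):
    """Decode the single uint256 word returned by the eth_call above."""
    h = result_hex[2:] if result_hex.startswith("0x") else result_hex
    if len(h) != 64:
        raise ValueError("expected exactly one 32-byte word")
    return int(h, 16)

def is_revoked(result_hex):
    """An approval is revoked only when the remaining allowance is zero."""
    return decode_allowance(result_hex) == 0

def revoke_calldata(spender):
    """Calldata for approve(spender, 0), sent from the owner to the token."""
    return "0x" + SEL_APPROVE + _addr_word(spender) + "0" * 64

if __name__ == "__main__":
    print(json.dumps(allowance_call(TOKEN, OWNER, ROUTER)))
    # Constructed RPC results: an unlimited approval, then a revoked one.
    for sample in ("0x" + "f" * 64, "0x" + "0" * 64):
        print(sample[:10] + "...", "revoked" if is_revoked(sample) else "STILL APPROVED")
    print(revoke_calldata(ROUTER))
```

The query has to be repeated per token and per network, since an approval given on BSC is separate from one given on Avalanche.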