A white-hat hacker has returned 322 Ethereum (around $900,000) after an exploit drained Multichain users of more than $3 million worth of crypto this week. 

Up to $1.5 million worth of Ethereum is still at large, however.

Multichain is a cross-chain router protocol that bridges users between thirty different blockchains, including Bitcoin, Ethereum, and Terra. 

This week’s critical vulnerability appears to have affected six tokens on the protocol: Wrapped ETH (WETH), Peri Finance Token (PERI), Official Mars Token (OMT), Wrapped BNB (WBNB), Polygon (MATIC), and Avalanche (AVAX).

On Monday, Multichain announced on Twitter that the problem had been “reported and fixed.” 

However, more attackers swooped in after the announcement and were still able to exploit the protocol through the same vulnerability, with one hacker stealing as much as $1.43 million

The White Hat Multichain hacker

In the badlands of crypto, critical vulnerabilities aren’t just exploited by criminals for self-interested motives, they also draw the attention of blockchain vigilantes called “white hat” hackers, who exploit vulnerabilities to report them and collect a bounty. 

​​

One of the attackers that attacked Multichain after Monday’s announcement was a white hat. 

The hacker returned 322 ETH (around $900,000) to an affected user and kept 62 ETH ($173k) as a bounty for themselves.

The hacker also returned 52 ETH ($139,000) to Multichain and kept around 12 ETH as a bounty. 

Around 527 ETH, or just under $1.5 million, is still missing, however. 

On Thursday, Multichain CEO and co-founder Zhaojun took to Twitter and confirmed ZenGo wallet co-founder Tal Be’ery’s theory that the vulnerability was due to the fact that Multichain’s bridge contracts need a pause function to prevent loss of funds in the future.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.