Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Multichain's AnyswapV4Router contract suffered a rush attack, and the attacker made a profit of about 87 ETH, or about $130,000. According to the analysis, the attacker used the MEV contract (0xd050) to call the anySwapOutUnderlyingWithPermit function of the AnyswapV4Router contract ahead of the normal transaction, at a point where the user had authorized WETH but had not yet performed the transfer. The function relies on the token's permit signature for verification, but the stolen WETH has no such signature verification function; the call only triggers a deposit function in a fallback. In the subsequent function calls, the attacker could then directly use the safeTransferFrom function to transfer the WETH authorized by the _underlying address to the attacked contract over to the attack contract, without signature verification.

Attack method (per SlowMist): Rush Attack.

Reported loss: $130,000.
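The flow described above as a small Python model, added here as an illustration and not taken from Multichain's or WETH's contracts: a token whose fallback accepts an unknown `permit` call, next to a router-side check that the permit actually took effect. `ToyToken`, `swap_out_with_permit`, `run`, the `verify_permit` flag and the nonce comparison are all assumptions made for this sketch, and the nonce check is one possible mitigation rather than the fix Multichain applied.

```python
# Toy model, constructed for illustration; not Multichain's or WETH's code.
class ToyToken:
    def __init__(self, has_permit):
        self.has_permit = has_permit
        self.balance, self.allowance, self.nonce = {}, {}, {}

    def nonces(self, owner):
        # Without permit support the call reaches the fallback and returns no data.
        return self.nonce.get(owner, 0) if self.has_permit else None

    def permit(self, owner, spender, amount, sig):
        if not self.has_permit:
            return  # fallback path: the call succeeds and nothing is verified
        # Stand-in for signature recovery: a valid "signature" binds all fields.
        if sig != (owner, spender, amount, self.nonce.get(owner, 0)):
            raise PermissionError("invalid permit signature")
        self.nonce[owner] = self.nonce.get(owner, 0) + 1
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, caller, src, dst, amount):
        if min(self.allowance.get((src, caller), 0), self.balance.get(src, 0)) < amount:
            raise PermissionError("insufficient allowance or balance")
        self.allowance[(src, caller)] -= amount
        self.balance[src] -= amount
        self.balance[dst] = self.balance.get(dst, 0) + amount


def swap_out_with_permit(token, router, owner, recipient, amount, sig, verify_permit):
    """Permit-then-pull entry point, callable by anyone. `recipient` is caller-chosen
    (a simplification of the router's bookkeeping). Returns recipient's balance."""
    before = token.nonces(owner)
    token.permit(owner, router, amount, sig)  # does not revert on a fallback token
    if verify_permit and (before is None or token.nonces(owner) != before + 1):
        raise PermissionError("permit() had no effect on this token")
    token.transfer_from(router, owner, recipient, amount)
    return token.balance[recipient]


def run(verify_permit):
    weth = ToyToken(has_permit=False)
    weth.balance["user"] = 10
    weth.allowance[("user", "router")] = 10  # user approved the router earlier
    try:
        swap_out_with_permit(weth, "router", "user", "other", 10, None, verify_permit)
    except PermissionError:
        pass
    return weth.balance["user"]
```

`run(False)` leaves the user with 0 because the existing approval is spent without any signature, while `run(True)` leaves the balance at 10 because the router rejects a token on which `permit` changed nothing.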
- chain: ethereum
- protocol: Multichain
- bug_class: mev
- date_occurred: 2023-02-15
- loss_usd: $130,000
- source_id: sm:multichain::2023-02-15