- Numbers Protocol has alerted its ERC20 NUM holders of a contract exploit through Multichain protocol.
- The attacker stole 557,754.45000198 NUM from one user before swapping all the NUM tokens for ~13 ETH.
- The company has asked NUM users to disconnect their wallets to Multichain swaps until the issue is resolved.
Numbers Protocol has alerted its community of a bridge exploit to the ERC20 NUM. The decentralised digital asset network said one user lost 557,754.45000198 NUM, while the hacker later swapped for approximately 13 ETH.
Numbers Protocol offers a number of decentralised digital asset options to users including a feature that instantly turns photos into non-fungible tokens (NFTs) and a web3 search engine that helps users to find historical data relating to NFTs.
NFTs are blockchain-based digital files representing proof of ownership to a JPEG, a digital collectible, virtual merch, or in Numbers’ case a photograph.
The company has since asked NUM holders to disconnect wallets to multi-chain swaps until the issue is dealt with.
Announcing the incident on Twitter, Numbers wrote: “We were made aware of a critical issue with the multi-chain bridge that may affect ERC20 NUM users…Suggest NUM users disconnect wallets to multi-chain swaps & do not use those services until the issue is clarified.”
Describing the attack in a Medium blog post, Numbers said it happened in one wallet, granting unlimited permissions to Multichain, a popular cross-chain bridge that handles hundreds of millions of dollars in daily transaction volume. The bridge was exploited in January this year with users losing $1.4 million.
Numbers said the same concept was used to attack NUM users who were granted permissions before, with approximately 13 ETH worth of NUM stolen.
The company confirmed with its official bridge partner XY Finance that its contracts are safe, and has asked Multichain to upgrade its v4 NUM router to v6.
“Besides, as the abuse of Multichain router v4 connects to the fallback function in the ERC20 NUM contract, there will be an upgrade of the NUM token contract further prevent future similar attacks. The upgrade is scheduled in the next 10 days,” Numbers wrote in the blog post.
Numbers has further instructed its community to use its recommended bridge partners like XY Finance and avoid granting an unlimited amount of tokens to dApps.
The company also said the NUM contract has passed the auditing from Certik, a blockchain-based security ranking platform for on-chain protocols and decentralised finance (DeFi). The NUM contract is also being watched by their Skynet service, a security alert and monitoring service offered by Certik.
Sign up to the world’s biggest crypto exchange Binance to buy and sell cryptocurrencies.
Stay up to date: