Multichain, a cross-chain router, has confirmed a major security breach affecting its services.
The incident, which unfolded late on Thursday, impacted an estimated $127 million in user-supplied tokens across its bridges on Fantom, Moonriver, and Dogechain.
The Multichain team is currently investigating the situation and has advised users to suspend the use of its services and revoke all contract approvals related to Multichain.
They are currently conducting a thorough investigation into the breach. While initial reactions suggest a compromise of the protocol’s private key, the stolen tokens have yet to surface on exchanges or pass through cryptocurrency mixing services, which are used to obscure the traceability of cryptocurrencies.
As a result of the incident, all bridge transactions have been halted, and there is no confirmed timeline for resumption of services.
While developers are addressing the issues, the financial impact is already substantial.
Cross-chain bridges, like the ones provided by Multichain, are a part of the crypto ecosystem, allowing users to transfer tokens between different networks.
However, they have proven to be a vulnerable target, with bridge-based exploits accounting for losses of $2.66 billion in the past years, according to data from DefiLlama.
On-chain analytics firm, Lookonchain, estimated that the largest amounts stolen included $62 million worth of USD Coin (USDC), $31 million in Wrapped Bitcoin (wBTC), and $13 million in Wrapped Ether (wETH).
~$127M locked assets on #Multichain were abnormally moved to 6 addresses ~7 hrs ago.
Including:
62.6M $USDC
1,030 $WBTC($31M)
7,214 $WETH($13.4M)
5M $DAI
910K $UNIDX($3.3M)
491K $LINK($3M)
2.5M $USDT
9.7M $WOO($2.1M)
1.3M $ICE($1.8M)
1.36M $CRV($1M)
134 $YFI($914K)
502K $TUSD pic.twitter.com/C4c6nnbGQv— Lookonchain (@lookonchain) July 7, 2023
As of Friday afternoon, the stolen tokens have not been sent to exchanges or passed through mixing services such as Tornado Cash.
The exploit has had a domino effect on related tokens. Multichain’s MULTI tokens have slipped 16% in the past 24 hours.
Fantom (FTM) also experienced a drop of 9.9%, even as developers reassured community members that FTM was not affected by the Multichain incident.
Fantom Foundation, in response to the incident, addressed concerns among community members. They clarified that wFTM, FTM ERC-20, and FTM on Opera were not affected as they were never issued or managed by Multichain.
For the avoidance of doubt, FTM was never issued or managed by Multichain, so wFTM, FTM ERC-20, and FTM on Opera are not affected.
— Fantom Foundation (@FantomFDN) July 7, 2023
The exploit has further exacerbated Multichain’s existing challenges. In May, amid rumors of CEO Zhao Jun’s arrest in China, the Multichain team lost contact with him. Around the same time, the protocol faced a botched upgrade of its cross-chain bridge, with the team attributing the unavailable routes to a “force majeure” situation.
In response to the recent exploit, Binance has suspended support for eight bridged tokens from the cross-chain protocol until further notice.
Meanwhile, Daniele Sestagalli of the ICE crypto project announced that the team has decided to burn $1.85 million worth of ICE tokens impacted by the exploit and airdrop a new token, WAGMI, to Fantom Multichain users. WAGMI, which stands for “We’re All Going to Make It,” is being introduced as a protective measure.
This incident serves as a stark reminder of the potential risks in the DeFi landscape. It underscores the need for robust security measures and vigilant monitoring to protect user assets and maintain trust in these critical infrastructures.