In a shocking turn of events, the cross-chain router protocol Multichain has been targeted in an exploit, resulting in significant losses.
The exploit specifically targeted Multichain’s Fantom bridge, leading to the extraction of valuable crypto assets such as WBTC, USDC, DAI, wETH, and Link.
The stolen funds amounted to a staggering $126 million, with WBTC accounting for $30.9 million, wETH for $13.6 million, and USDC for $57 million.
Multichain’s Response And Security Firms’ Analysis Of The Exploit
On Thursday, July 6, blockchain security company PeckShield posted a screenshot on Twitter showing some concerning transactions happening in the Multichain wallet. The screenshot showed a significant amount of USDC, Wrapped BTC, and Wrapped ETH being moved in single transactions.
PeckShield later confirmed that the breach had indeed happened and that Multichain had lost over $126 million to the hack. The breach was also confirmed when Multichain itself took to Twitter to announce that assets held in their MPC address had been abnormally transferred to an unknown destination.
As a precautionary measure, Multichain urged users to suspend the use of their services and revoke all contract approvals. Notably, most of the damage seems to have occurred with tokens on the Fantom blockchain.
Given this, Michael Kong, CEO of Fantom Foundation, expressed his commitment to investigating the incident and determining the extent of the damage caused.
This latest hack adds to the mounting challenges faced by Multichain, which has already experienced a drop in price due to rumors of arrests of key members.
MULTI price declines by over 10% following exploit | Source: MULTIUSD on TradingView.com
Multichain’s Woes And Binance’s Response
Changpeng Zhao, CEO of the largest crypto exchange in the world, Binance, took to the platform to assure users that they had no exposure to the DeFi protocol. According to him, the exchange had already swapped out all of its assets from Multichain and disabled deposits as well.
The decision to halt deposits of 10 Multichain bridged tokens seems to have come just in time as Binance’s announcement happened on Wednesday, and Multichain was exploited on Thursday. This move from the exchange has likely saved its users millions of dollars.
However, the CEO offered Binance’s support to the DeFi protocol as they navigate the exploit. Cross-chain bridges have historically been susceptible to exploits, seeing the highest amount of funds stolen so far in the DeFi space. This is because cross-chain bridges are more likely to feature vulnerabilities as their security depends on the chains they are bridging.
According to a Token Terminal study released in December 2022, over $2.5 billion was lost to cross-chain bridge attacks between 2020 and 2022 alone. The Ronin Bridge exploit linked to South Korean hackers saw investors lose $650 million to the hackers in 2022.
Featured image from Discover Magazine, chart from TradingView.com