The exploit was discovered during routine monitoring and security checks, prompting swift action from the team to investigate and address the issue.
During the evening hours of Thursday, Multichain encountered a significant outflow of tokens amounting to approximately $130 million across its bridges operating on the Fantom, Moonriver, and Dogechain blockchain networks. This unexpected occurrence raised concerns and prompted immediate attention from the Multichain team to address the situation.
The exploit targeted the bridge infrastructure of these blockchain networks, aiming to manipulate the functionality and bypass security measures. As a result, unauthorized transactions and movements of digital assets were conducted, leading to potential financial losses for users.
According to on-chain analytics firm Lookonchain, blockchain data estimates that the largest stolen amounts in the recent exploit of Multichain's bridges on Fantom, Moonriver, and Dogechain include approximately $62 million worth of USD Coin (USDC), $31 million in Wrapped Bitcoin (wBTC), and $13 million in Wrapped Ether (wETH).
As of the afternoon hours on Friday, there have been no reports of the stolen tokens from the Multichain exploit being sent to exchanges or passed through mixing services like Tornado Cash. This suggests that the perpetrators have not yet attempted to liquidate or obfuscate the origin of the stolen tokens.
Multichain and similar bridges play a crucial role in the crypto ecosystem by enabling the seamless transfer of tokens across different networks. However, their vulnerability has become increasingly evident, even more so now with Multichain’s apparent exploit. According to DefiLlama, these exploits have led to a staggering $2.66 billion being lost over the past years, with the losses stacking even higher when considering other similar hacks across various crypto ecosystems.
Multichain has been audited multiple times in the past including twice by Certik, a leading blockchain security firm, who raised no major concerns. However, the firm has since stated that “This exploit appears to be the result of a private key compromise, and as such falls outside the scope of the audits we conducted,” Raising questions on Multichain’s inner security.
Multichain’s Bridging service is still unavailable as of the time of writing, and Multichain’s MULTI and other related tokens have slumped in the past 24 hours amid a broader market decline.
Multichain CEO Still Missing
Multichain has faced significant scrutiny and challenges in recent weeks, as its bridging service encountered multiple unexpected issues disrupting functionality. Adding to the complications, and possibly being at the root of them, Multichain’s team has been “unable to contact CEO Zhaojun and obtain the necessary server access for maintenance”, with the Multichain CEO reported missing for over a month and possibly detained by Chinese authorities. This situation emphasized the reliance on key individuals within the organization and underscored the importance of ensuring redundancy and resilience even in decentralized protocols.
During this period, crypto exchange Binance had to suspend token deposits from Multichain on two separate occasions due to persistent transaction delays. The issues have led to a total locked value of $1.26 billion, according to DeFiLlama, underscoring the platform's significance within the crypto space.
The combination of technical issues, Binance's suspension of token deposits, and the absence of the CEO has contributed to a challenging period for Multichain, highlighting the importance of security, operational resilience, and robust contingency measures within decentralized platforms.