On July 7th, tokens worth over $100 million were withdrawn from the Multichain bridge on the Fantom network. The transferred tokens include stablecoin USDC worth $58 million, 1020 WBTC (equivalent to $30.9 million), 7200 WETH (equivalent to $13.7 million), and $4 million worth of stablecoin DAI (the total value of these four tokens exceeds $100 million). Other tokens were also moved, including Chainlink, Curve DAO, YFI, Wootrade Network, and nearly one-fourth of UniDex's total supply. Assets also seem to be moving on Multichain's Moonriver bridge, including 4.8 million USDC and 1 million USDT. Abnormal fund flow has also been observed on Dogechain, with at least 660,000 USDC being sent to the same wallet as the Moonriver fund flow.
In response, Multichain tweeted that the locked assets on its MPC address have been abnormally moved to an unknown address. The team is unsure about what happened and is currently conducting an investigation. It is recommended that all users suspend the use of Multichain services and revoke all contract authorizations related to Multichain.
Controversy Over the Multichain Incident
Odaily has learned from multiple sources that there are several points of view:
Security company Paidun raised the question of whether this may be related to LayerZero's increased support for four tokens (USDC, USDT, WETH, and WBTC), which overlap with, but are not exactly the same as, the tokens being moved.
LayerZero CEO Bryan Pellegrino responded that this issue is unrelated to the platform and believes it is a hack against Multichain. Multichain bridge users may withdraw assets and take them to LayerZero.
Wintermute research director Igor Igamberdiev said that it is likely done by someone in control of Multichain, as funds on the Fantom side were not destroyed during the transaction. Interestingly, the wallet that received a large amount of USDC had conducted a transaction on the old Binance Smart Chain (i.e., BNB Chain) bridge a few hours earlier.
FireEye researcher 0xLoki stated on Twitter: "The Multichain attackers are most likely not hackers, and Multichain may have lost MPC multi-signature control." and listed the following 3 points:
1. The transferor had sufficient time and, given the technical characteristics of MPC, was likely able to gain control over more than the threshold of private key shards in some way.
2. The attack method is very simple, just a straightforward transfer operation, without contracts or testing. The attackers are most likely not hackers.
3. The transferor did not carry out further disposal and realization, and the operator may not have absolute decision-making power.
Currently, the truth of the incident still needs an official answer. Odaily checked the changes in TVL of Multichain on DefiLlama and found that 99.76% of the funds have been withdrawn within 24 hours, indicating a relatively fierce reaction from users regarding this incident.
Cross-Chain Risks and Self-Rescue Measures
Less than a week has passed since the Poly Network hack incident, and the top cross-chain project Multichain has once again encountered fund risks. Currently, cross-chain bridges have become a hotspot for hacker attacks and other security incidents. According to the 0xScope team's article "Why are there so many accidents with cross-chain bridges?", cross-chain bridge fund risks mainly manifest in three aspects:
1. Token deposits: contract permission vulnerabilities, fake token deposits, token compatibility issues.
2. Cross-chain message transfer: listening and processing of deposit messages, deposit correctness verification, cross-chain processing confirmation.
3. Multi-signature verification: decentralization level of multi-signature.
As the key interconnection point among chains, cross-chain bridges accumulate enormous funds. Their technology is complex and spans multiple technical aspects, and frequent updates make them highly susceptible to hacker attacks. Projects that have experienced incidents must have vulnerabilities that were exploited, and projects that have not yet experienced incidents cannot guarantee future security. How should we self-rescue?
1. When incidents occur, revoke the contract authorization for the cross-chain bridge as soon as possible to prevent further risks. You can use the "approval checker" in your block explorer to revoke authorization. It is also recommended to regularly review and clean up unnecessary contract authorizations, as hackers often exploit vulnerabilities in smart contracts to extract assets multiple times.
2. Users with frequent cross-chain needs should closely monitor relevant information about the cross-chain bridge, such as risk warnings from security companies and official upgrade announcements, in order to be prepared and respond promptly.
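The approval review in step 1 can also be done from raw ERC-20 `Approval` event logs. The following is an added example, not code from Odaily or Multichain: it replays logs to find the tokens a wallet still authorizes for a given spender and builds the `approve(spender, 0)` calldata that revokes each one. Every address and log entry in it is a constructed placeholder; `BRIDGE` stands in for the bridge contract address, which the article does not give.

```python
# Added example. All addresses and log entries below are constructed placeholders.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

def _addr(topic):
    # Indexed address topics are 32 bytes, left-padded: keep the low 20 bytes.
    return "0x" + topic[-40:].lower()

def _topic(addr):
    return "0x" + addr[2:].lower().rjust(64, "0")

def outstanding_allowances(logs, owner, spender):
    """Map token -> last approved amount (non-zero only) from owner to spender.

    A later Approval overwrites an earlier one. Spending via transferFrom may
    lower the real allowance without a new event, so treat the result as the
    tokens to check and revoke; allowance(owner, spender) is authoritative.
    """
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # skip non-ERC-20 events (ERC-721 Approval has 4 topics)
        if _addr(t[1]) == owner.lower() and _addr(t[2]) == spender.lower():
            latest[log["address"].lower()] = int(log["data"], 16)
    return {token: amount for token, amount in latest.items() if amount > 0}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0), sent to each token contract to revoke."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

OWNER, BRIDGE, OTHER = ("0x" + b * 20 for b in ("11", "bb", "cc"))
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "a2" * 20

def _log(token, spender, amount, block, index=0):
    return {"address": token, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, _topic(OWNER), _topic(spender)],
            "data": hex(amount)}

SAMPLE_LOGS = [
    _log(TOKEN_B, BRIDGE, 0, 150),            # later revocation of TOKEN_B
    _log(TOKEN_A, BRIDGE, 2**256 - 1, 100),   # unlimited approval, never revoked
    _log(TOKEN_B, BRIDGE, 5000, 101),
    _log(TOKEN_A, OTHER, 1, 160),             # different spender, ignored
]

if __name__ == "__main__":
    for token in outstanding_allowances(SAMPLE_LOGS, OWNER, BRIDGE):
        print(token, "->", revoke_calldata(BRIDGE))
```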
LP (liquidity provider) participants of a cross-chain bridge who face such incidents should actively communicate with the project party, keep a good record of locked assets, and wait for post-resolution.