
Multichain Security Breach – July 7, 2023 – Detailed Analysis

by ImmuneBytes

The DeFi sector faced a major setback with a security breach in Multichain, previously known as Anyswap.

On July 7, 2023, hackers illicitly transferred vast sums from several token bridges, totaling approximately $126 million across chains like Fantom, Moonriver, and Dogecoin.

This incident, which ranks as the 14th largest crypto theft in history, not only underlined vulnerabilities in Multichain but also destabilized other ecosystems reliant on it.

The repercussions were felt in the de-pegging of stablecoins and across the affected ecosystems, even as investigations continue and the community hopes for asset recovery through potential negotiations with the hacker.

Introduction

The DeFi sector has been rocked by a considerable security breach involving Multichain, a prominent cross-chain protocol formerly known as Anyswap.

A staggering sum of ~$126M was unlawfully siphoned from multiple token bridges, raising serious questions about cross-chain transaction security.

Some suspect a rug pull, while others believe the North Korean Lazarus group may be behind the hack.

Timeline and Details of the Breach

Early Indications & Team’s Response:

  • Anomalies in Multichain’s contracts were the primary indicators of the exploit. Approximately $130 million in assets were shifted to an unknown account.
  • On July 7th, hackers targeted Multichain, resulting in a theft of $126 million across chains like Fantom, Moonriver, and Dogecoin. This theft represented roughly 9% of the Total Value Locked (TVL) before the breach, making it the 14th largest theft in crypto history.

Timeline

  1. 4:21 PM UTC: First suspicious transaction detected. Txn: https://bit.ly/3O5vBzL
  2. 6:33 PM UTC: ~30M WBTC and assets withdrawn from Multichain bridge. Txn: https://bit.ly/3D2q9an
  3. 7:35 PM UTC: LayerZero confirms no direct involvement in the hack.
  4. 7:46 PM UTC: Multichain Moonriver bridge starts draining. Txn: https://t.ly/L-Zq
  5. 8:05 PM UTC: Multichain Dogechain bridge targeted, assets drained. Txn: https://t.ly/Ma8e

Breakdown of Stolen Assets

The Fantom Bridge suffered the most, with losses totaling $122 million.

| Stolen Asset | Current Valuation |
| --- | --- |
| 57.8 million USDC | $57.8M |
| 1.024k WBTC | $26.7M |
| 7.214k WETH | $11.9M |
| 4.178 million DAI | $4.1M |
| 491.657k LINK | $2.93M |
| 910.654k UNIDX | $1.8M |
| 1.493 million USDT | $1.5M |
| 9.674 million WOO | $1.76M |
| 1.297 million ICE | $869K |
| 1.362 million CRV | $611K |
| 134.48 TFI | $3 |
| 502.4k TUSD | $502.4K |

Other bridges hit were Multichain’s Moonriver and Dogecoin contracts. The total assets stolen from Multichain Bridge amounted to $126.3 million.

Addresses Linked to the Breach

  • 0x9d5765ae1c95c21d4cc3b1d5bba71bad3b012b68 — $16.7M including DAI, LINK, USDT, and CRV
  • 0xefeef8e968a0db92781ac7b3b7c821909ef10c88 — $30.1M in USDC
  • 0x418ed2554c010a0c63024d1da3a93b4dc26e5bb7 — $13.4M in wETH
  • 0x622e5f32e9ed5318d3a05ee2932fd3e118347ba0 — $30.9M in wBTC
  • 0x48bead89e696ee93b04913cb0006f35adb844537 — $7.5M in USDC, USDT, DAI, and wBTC from Moonriver
  • 0x027f1571aca57354223276722dc7b572a5b05cd8 — $27.7M in USDC

The Aftermath of the Exploit

  • On July 14th, an update was provided. The CEO, Zhaojun, was detained by Chinese authorities, leading to loss of access to vital operational servers and funds. Subsequent issues, including Zhaojun’s sister’s detainment, compounded the crisis.
  • The team has since urged users not to use the Multichain service and to amplify this message.

The Impact on Other Ecosystems

Direct and Ripple Effects

  • Stablecoins on Fantom, Moonriver, and Dogechain have suffered severe de-pegging. On Fantom: fUSDC is now at $0.56, fUSDT at $0.39, and fDAI at $0.38.
  • Kava, Conflux, and ETHW, though not directly affected by the hack, are facing stability issues due to reliance on cross-chain assets issued by Multichain.
  • Many DeFi whales on Fantom are converting their assets into FTM and depositing them into exchanges, exacerbating the de-pegging of stablecoins on Fantom.

Historical Perspective

  • Multichain, previously Anyswap, has suffered multiple attacks in the past. An approval-draining attack in 2022 led to a loss of $3 million. This recent exploit is among the most severe attacks of July 2023.
  • The massive thefts from Ronin Network in 2022 and Poly Network in 2021 underscore the risks associated with cross-chain bridges. It’s also worth noting that the North Korean group Lazarus has allegedly been involved in several attacks.
  • While Multichain once declared itself a “leader in terms of security,” it now stands as a testament to the unpredictable and high-risk nature of the cryptocurrency industry.

Investigation & Current Status

  • The suspected cause of the breach is a loss of control over the MPC address by the Multichain team. As of now, there’s no definitive explanation.
  • Circle, the issuer of USDC, froze $63 million linked to the breach.

Positive Aspects & Future Prospects

  • Assets worth 63.2 million USDC and 2.53 million USDT were frozen by Circle and Tether within 24 hours of the incident.
  • The stationary nature of the stolen funds suggests potential negotiations with the hacker, possibly allowing for some asset recovery.

Precautionary Measures

  • Users should verify the status of cross-chain bridges through official channels and project explorers before initiating transactions.
  • Approve only intended transfer amounts and ensure investments remain within an acceptable loss range.
  • In case of future breaches, revoke contract authorizations swiftly and liaise with project teams.
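
The approval advice above can be checked mechanically. The following is an added example, not code from ImmuneBytes or Multichain: it replays ERC-20 Approval event logs for one wallet, flags allowances above what the owner intended, and builds the approve(spender, 0) calldata that revokes each one. The addresses, logs, and function names are constructed for illustration.

```python
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"          # approve(address,uint256)
UNLIMITED = 2**256 - 1                 # the common "infinite approval" value

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def open_allowances(logs, owner):
    """Replay Approval logs in chain order; return allowances still above zero."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue                   # ERC-721 Approval carries 4 topics
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        state[key] = int(log["data"], 16)   # latest approval overwrites
    return {k: v for k, v in state.items() if v > 0}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0): selector plus two 32-byte words."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

def findings(logs, owner, intended):
    """Flag allowances larger than the owner's intended amount (default 0)."""
    out = []
    for (token, spender), value in sorted(open_allowances(logs, owner).items()):
        if value > intended.get((token, spender), 0):
            out.append({"token": token, "spender": spender,
                        "kind": "unlimited" if value == UNLIMITED else "excess",
                        "revoke_calldata": revoke_calldata(spender)})
    return out

# Constructed placeholder addresses and logs, not taken from the incident.
OWNER, TOKEN = "0x" + "11" * 20, "0x" + "aa" * 20
BRIDGE, DEX = "0x" + "bb" * 20, "0x" + "cc" * 20
def sample_log(block, index, spender, value):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": TOKEN, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(OWNER), pad(spender)], "data": hex(value)}

SAMPLE_LOGS = [sample_log(100, 0, BRIDGE, UNLIMITED),  # infinite approval
               sample_log(101, 3, DEX, 500),           # bounded approval ...
               sample_log(105, 1, DEX, 0)]             # ... later revoked

if __name__ == "__main__":
    print(findings(SAMPLE_LOGS, OWNER, intended={}))
```

Replayed logs give an upper bound, since transferFrom can spend allowance without emitting Approval; the token's allowance(owner, spender) call is the authoritative value before sending a revoke.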

Conclusion

The Multichain breach highlights the inherent vulnerabilities of cross-chain bridges in the evolving cryptocurrency landscape.

While they play a crucial role in ensuring interoperability, their increasing susceptibility to attacks underscores the urgent need for enhanced security, regular audits, and overall transparency in design and operation.
