The cross-chain router protocol Multichain has suffered an exploit resulting in the loss of approximately $130 million. The attacker was able to siphon funds from several token bridges, causing significant outflows. Multichain acknowledged the situation on Twitter, urging users to suspend their utilization of Multichain services and revoke any contract approvals related to the protocol. The company expressed uncertainty about the incident and announced an ongoing investigation.
The lockup assets on the Multichain MPC address have been moved to an unknown address abnormally.— Multichain (Previously Anyswap) (@MultichainOrg) July 6, 2023
The team is not sure what happened and is currently investigating.
It is recommended that all users suspend the use of Multichain services and revoke all contract approvals…
The largest depletion occurred in Multichain’s Fantom bridge, where a substantial portion of assets, including wBTC, USDC, USDT, and various altcoins, were drained. The total value of these assets exceeded $130 million. The activity was deemed highly unusual by on-chain analysts, and Michael Kong, the CEO of Fantom Foundation, stated that he was investigating the matter.
Multichain had already faced scrutiny due to technical failures and the absence of its CEO over the past month. The unexplained outflows from Multichain’s Fantom, Moonriver, and Dogecoin bridge contracts fueled concerns on social media about a potential hack. However, the company could not be immediately reached for comment.
Binance CEO Changpeng ‘CZ’ Zhao assured Binance users that the exploit did not affect them, as the exchange had already taken precautions by swapping assets and closing deposits. He offered assistance in addressing the situation.
Regarding the asset transfers from Multichain’s Fantom bridge, several assets have been impacted, including $62.6 million in USDC, $31 million in WBTC, $13.4 million in WETH, $5 million in DAI, $3.3 million in UNIDX, $3 million in LINK, $2.5 million in USDT, $2.1 million in WOO, $1.8 million in ICE, $1 million in CRV, $914,000 in YFI, and $502,000 in TUSD.
Meanwhile, in the first half of 2023, cryptocurrency losses due to scams, hacks, and rug pull amounted to $656 million, as reported by Beosin. This includes $471.43 million from protocol attacks, $108 million from phishing scams, and $75.87 million from rug pulls. Although significant, these figures represent a decrease compared to the losses in the second half of 2022 ($1.91 billion) and the first half of 2022 ($1.69 billion).
Recently, on July 5, the Ethereum community proposed ERC 7265, a pioneering protocol for enhancing the security of decentralized finance (DeFi) platforms. This innovative mechanism aims to mitigate risks and protect user funds by integrating fail-safe measures into smart contracts. The introduction of ERC 7265 demonstrates ongoing efforts to bolster the security and reliability of the DeFi ecosystem.