28 C
New York
Friday, June 14, 2024

Multichain hack: More than 240 million dollars have already been stolen

The crosschain bridge Multichain has been hacked again. From what is known, assets worth $130 million were initially stolen, followed by another $120 million. The cause is currently unknown.

On July 7, Multichain’s Twitter account announced that the “lockup assets” on Multichain’s MPC address had been “abnormally” transferred to another, unknown address. The team is not sure what happened and is currently investigating. It stopped and discouraged users from using all multichain services and recommended revoking all multichain shares in the wallet.

Multichain is what is known as a bridge: a platform that connects numerous blockchains by storing liquidity in different tokens on different blockchains. In a world with different blockchains, such bridges are important – but because of the many blockchains involved, they are often the weakest link in a chain.

Also Read:

Most of the initially stolen tokens were in the Bridge to Fantom (FTM), $102 million. In total, WBTC, USDC, DAI, ETH and LINK were the most stolen, together worth $130 million. Compared to the total $1.26 billion worth of tokens locked into Multichain, the losses are relatively manageable and one could hope that the damage would be limited.

From yesterday to today, however, a second wave of debits apparently began. These payouts are also considered “abnormal”. They again mainly affect DAI, ETH, USDC, USDT and WBTC, on the Arbitrum, BNB, Avalance, Cronos, Polygon, Moonbeam, Optimism and Ethereum blockchains, totaling around $110 million.

What exactly happened is largely unknown. A common theory is that a private key used to sign transactions going across the bridges was compromised. The reason for this assumption is that bridges to or from countless blockchains are affected, which is why a common vulnerability or error in the smart contracts is unlikely. Instead, everything points to a bug or compromised key in the multichain platform itself.

Exchanges like Binance have temporarily suspended multichain deposits. Circle, the issuer of the USDC tokens, also responded promptly and froze $63 million worth of tokens.

Immediately after the hack, the first scammers appeared. They copied the Fantom Foundation’s social media profiles and claimed to issue FTM tokens to victims of the hack, which could be collected by logging into certain sites with the wallet. And so forth.

Things aren’t going too well for the multichain bridge this year. As recently as late May, CEO Zhao Jun went missing , leaving the team unable to gain access to a key server to maintain the bridge. As a result, the bridges to or from some lesser-known blockchains had to be suspended, such as Public Mint, Ekta or ONUS. Zhaojun was rumored to have been arrested in China, along with associates at the Yuan-based stablecoin Trust Reserve. His arrest may be related to the compromised key, possibly by corrupt officials.

Multichain was hacked at the end of January 2022. However, “only” three million dollars were stolen from this. Unlike after this hack, the bridge protocol is unlikely to get off so lightly after losing more than $200 million.

Latest Posts

Don't Miss

Stay in touch

To be updated with all the latest news, offers and special announcements.