Multichain Bridge saw a massive outflow of over $127 million in assets. The team announced on Twitter that it is unsure right now, is conducting an investigation, and has paused the asset bridge. Users were advised to revoke approvals to the bridge if had any.
The lockup assets on the Multichain MPC address have been moved to an unknown address abnormally. The team is not sure what happened and is currently investigating. It is recommended that all users suspend the use of Multichain services and revoke all contract approvals related to Multichain.
Following the suspicious transfers, several sharp-eyed on-chain sleuths began their own investigations.
Popular Knowledge graph protocol 0xScope believed the impact of the Multichain incident has spread to Fantom, Moonriver, Kava, Dogechain, Conflux, and ETHW ecosystems. Currently, various stablecoin assets on these chains have been de-pegged.
The unprecedented outflows sparked fears of hack and there were even allegations of rug pulling. One analyst, though, refuted the rumors.
According to Loki_Zeng, the asset transfer took a considerable amount of time, and each asset was sent to a separate wallet. Moreover, there was no subsequent activity [such as swapping or mixing], leaving the recipient’s wallet entirely clean.
Before the transfer, a small amount of 2USDC was used to test the transaction.
“Considering the technical characteristics of MPC, the transferor may have completely obtained the control of private key fragments exceeding the threshold in some way,” the anonymous expert added.
The cross-chain protocol team made the following announcements during the time this article was being written.
“The Multichain service stopped currently, and all bridge transactions will be stuck on the source chains. There is no confirmed resume time. Please don’t use the Multichain bridging service now.”
Bridges continue to be more susceptible to hackers than cryptocurrency networks themselves as the market transitions to a fully multi-chain future. Over $2 billion in assets were taken by token bridge exploits in 2022 alone.
Multichain Incident- A Reminder Of Bridges’ Vulnerability
According to a study led by Chainalysis, there have been a total of 13 cross-chain bridge breaches resulting in a loss of $2 billion in Bitcoin, the majority of which was taken this year.
69% of the total funds stolen in 2022 to date have been obtained through attacks on bridges.
Experts believed that bridges’ central storage point of funds that back the “bridged” assets on the receiving blockchain presents an enticing target for attackers.
Additionally, an effective bridge design is still a pipe dream because there remain technical challenges that need to be solved, even if many new models are being created and tested.
