On July 7, 2023, Multichain revealed that over $120 million in assets had been removed from the system by an unidentified address. Although the firm claimed to be “currently investigating” the issue, it has not yet offered any other information.
Multichain, formerly known as Anyswap, is a cross-chain liquidity mechanism that enables users to exchange tokens between several blockchains. Multichain’s CEO Zhaojun founded it in July 2020, and since then it has grown to be one of the most used cross-chain bridges on the planet. Over 70 different blockchains, including Ethereum, Binance Smart Chain, Polygon, and Avalanche, are supported by Multichain. Additionally, it supports a number of tokens, such as ETH, USDC, and DAI.
Zhaojun, has been missing since late May. Multichain said in a tweet that it had “experienced multiple issues” and was unable to get in touch with Zhaojun in order to “obtain the necessary server access for maintenance.”
Being one of the most significant security lapse to affect the cryptocurrency sector in recent months is the missing funds from Multichain. Hackers stole more than $600 million in cryptocurrency in December 2022 from the Ronin Network, a link that enables users to transfer tokens between the Ethereum blockchain and the Ronin blockchain. Additionally, about $300 million worth of cryptocurrency was stolen from the Wormhole bridge by hackers in January 2023.
The security of crypto bridges has been under scrutiny in light of recent security incidents at Multichain, Ronin Network, and Wormhole. The decentralized finance (DeFi) ecosystem depends on these bridges to function, but they are also open to assault.
Here are the details:
- The outflow of assets occurred on July 7, 2023. An unknown address withdrew over $120 million worth of assets from Multichain, including ETH, USDC, and DAI.
- Multichain’s CEO, Zhaojun, has been missing since late May. In a tweet, Multichain said that it had “experienced multiple issues” and was unable to contact Zhaojun to “obtain the necessary server access for maintenance.”
- BlockSec, a digital-asset security specialist, has been investigating the incident. BlockSec believes that the outflow of assets was caused by a “security vulnerability” in Multichain’s code.
- Multichain has said that it is “working with law enforcement” to investigate the incident. The company has also said that it is “committed to providing full transparency” to its users.
- BlockSec has traced the stolen funds to six different wallets. These wallets are currently holding over $100 million worth of assets.
- BlockSec believes that the stolen funds could be used to fund further attacks on the DeFi ecosystem. The company is urging users to be vigilant and to take steps to protect their assets.
- Multichain has said that it is “working to recover the stolen funds.” The company has not yet provided any details about how it plans to do this.
It is still too early to say what the outcome of the investigation will be. However, the incident has raised concerns about the security of crypto bridges. These bridges are essential for the functioning of the decentralized finance (DeFi) ecosystem, but they are also vulnerable to attack.