DeFi bridges have become an essential part of the decentralized finance ecosystem, allowing users to transfer assets between different blockchain networks, expanding DeFi's reach, and increasing liquidity. However, these bridges are not without risks, as demonstrated by the recent hacks on the MultiChain Bridge. In this article, we'll explore the recent MultiChain Bridge hack, and the steps users can take to minimize risk.
DeFi bridges enable asset transfers between different blockchain networks, allowing users to access assets and protocols on various networks, expanding DeFi's reach and increasing liquidity. For instance, a user can deposit Ether on the Ethereum network and receive a wrapped version of it on the Binance Smart Chain (BSC).
DeFi bridges, in general, are not without risks. One risk is the lack of transparency around bridged assets, including uncertainty about their value or collateral backing. Moreover, the bridge relies on a single CEO to manage the keys, making it vulnerable to single-point-of-failure attacks.
MultiChain Bridge Hack
Recently, a third of the assets bridged to Fantom were hacked and moved to an external account. The MultiChain team initially had no clarity on the issue and did not report anything until alerted by PeckShield.
The hack is especially concerning because there is now uncertainty as to which assets are backed by MultiChain assets and which are not. The MultiChain team halted activities on the blockchain, and all bridge transactions were stuck on the source chains. There is no confirmed resume time, and currently, the MultiChain service has totally stopped.
Not the first time…
The MultiChain Bridge (formerly Anyswap) has a troubled history, with multiple security breaches. Earlier, in 2022, six multi-token contracts were found to be vulnerable to an approvals draining attack, leading to an estimated $3 million in user losses. In May 2023, MultiChain caused panic when responding to bridging delays, potential insider dumping, and team arrest rumors with a vague "force majeure" explanation.
How much is lost?
According to reports, approximately $126 million worth of cryptocurrency was withdrawn from MultiChain Bridge, making it one of the worst attacks in July 2023. Several audit firms are investigating the matter.
The exploiter addresses and current holdings at the time of writing (totaling $126.3M) include:
- 0x9d5765ae1c95c21d4cc3b1d5bba71bad3b012b68 ($16.7M including DAI, LINK, USDT and CRV)
- 0xefeef8e968a0db92781ac7b3b7c821909ef10c88 ($30.1M in USDC)
- 0x418ed2554c010a0c63024d1da3a93b4dc26e5bb7 ($13.4M in wETH)
- 0x622e5f32e9ed5318d3a05ee2932fd3e118347ba0 ($30.9M in wBTC)
- 0x48bead89e696ee93b04913cb0006f35adb844537 ($7.5M in USDC, USDT, DAI and wBTC from Moonriver)
- 0x027f1571aca57354223276722dc7b572a5b05cd8 ($27.7M in USDC)
Circle Freezes Funds
Circle, the issuer of USD Coin (USDC), has frozen $63 million belonging to three wallet addresses associated with the recent hack of the cross-chain bridge platform Multichain. The frozen funds were associated with three wallet addresses that received a significant outflow of funds from Multichain after the security breach, so far for the immutability of the blockchain, although this could be considered a favorable intervention by the centralized parties.
What Should Users do?
To minimize risk, it is recommended that users withdraw any funds they have on the MultiChain Bridge immediately. Additionally, users should exercise caution when using any bridging service, as they are inherently risky. Users should also be cautious when depositing assets and only deposit what they can afford to lose. Keeping up-to-date with the latest news and developments in the DeFi space is also crucial to staying informed about potential risks.
The MultiChain hack is still unfolding, and new updates will be given throughout the week. What we do know is that this incident serves as another stark reminder of the ever-present risks and vulnerabilities in blockchain technology. The DeFi space must continue to improve its security measures and transparency to ensure that users can trust and utilize the technology safely, and to prevent hackers from accessing other people's money through a single service and making off with millions of dollars.
Connect with Bitfinity Network
*Disclaimer: While every effort is made on this website to provide accurate information, any opinions expressed or information disseminated do not necessarily reflect the views of Bitfinity itself.