Multichain halts services after $126M exploit
Multichain's MULTI token plunged 16% after the attack.
Cross-chain protocol Multichain (MULTI) stopped services today after confirming the abnormal movements of funds from its MPC address.
Blockchain security firm Peckshield reported that Multichain was exploited for $126 million, with the attacker moving funds from its Fantom (FTM) and Moonriver (MOVR) bridge.
Following the incident, Multichain advised users to revoke all approvals related to the protocol. Fantom Foundation said it was “evaluating the circumstances and will provide an update as soon as we have more to share.”
Multichain exploit
Even though Multichain has not yet released the details of the exploit, initial reactions from the community suggest a possible compromise of the protocol’s private key.
Its smart contract auditor, CertiK, tied the attack to a private key compromise, adding that this was outside the scope of its earlier audit.
On-chain sleuth Loki Zeng corroborated this view, noting that the asset transfer lasted for a long time. Zeng added that the attacker might have somehow obtained complete control of the protocol’s private key fragments exceeding the threshold.
Web3 Knowledge Graph Protocol 0xScope stated that the impact of the exploit extends to other chains like Kava, Dogechain, Conflux, and ETHW. The firm added that multiple stablecoin assets across these chains have depegged.
Meanwhile, Daniele Sestagalli of the ICE crypto project stated that the team has decided to burn $1.85 million worth of ICE tokens impacted by the exploit. He added that the burned tokens would be airdropped to Fantom Multichain users as a new token, WAGMI.
Multi down 16%
Multichain’s MULTI token fell by over 16% after the attack to $2.60 at the time of writing, according to CryptoSlate’s data.
The exploit has further exacerbated the protocol’s issues as it has faced several challenges recently.
In May, amid rumors of CEO Zhao Jun’s arrest in China, the Multichain team lost contact with him. Coincidentally, the protocol faced a botched upgrade of its cross-chain bridge during the same period, with the team attributing the unavailable routes to a “force majeure” situation.
Amid the recent challenges, Binance suspended support for eight bridged tokens from the cross-chain protocol earlier this week until further notice.