Cross-chain bridge Multichain has reportedly lost crypto assets worth $126 million after being locked since May.
The bridge has $1.25 billion in total liquidity for facilitating cross-chain transfers, per DeFiLlama.
The team confirmed the exploit this morning in a tweet that assets locked were being “moved to an unknown address abnormally.”
Blockchain security firm PeckShied tracked the stolen tokens, which include Wrapped Bitcoin (WBTC), Chainlink (LINK), and stablecoins in Circle’s USDC, Tether’s USDT, and Dai (DAI) worth $126 million, and found that they were moved to six new Ethereum addresses.
Fantom saw the most significant withdrawals of $118 million out of four affected chains, including Ethereum, Avalanche, and Binance Smart Chain.
Curve Finance, the largest decentralized stablecoin exchange, also warned users about using the bridge, writing that “multichain likely hacked” nearly nine hours before the team confirmed the transfers.
Multichain co-founder Dj Qian tweeted that “another hack happened to multichain” while the other cross-chain swaps “are all good and safe.”
He then recommended all users who have used multichain to revoke permissions.
The $126 million in various cryptocurrencies have yet to be moved to a centralized exchange or deposited in a mixing service.
Multichain chaos
Multichain’s problems began in late May when users reported that their transactions were stuck for days.
At the same time, rumors started circulating about the arrest of Multichain CEO Zhaojun in China. Later, the team said that they hadn’t been able to contact Zhaojun, who holds the private key to the pools whose transactions were stuck.
Binance, which had earlier suspended certain Multichain token deposits to the exchange, halted their withdrawals on July 5.
This morning, the assets in question were moved out of Multichain pools to unknown addresses.
UPDATE (December 16, 2019): This story has been updated to include latest developments of the QuadrigaCX story including the request for exhumation of the CEO.
It was not your average exchange hack. This is a tale of changing identities, a marriage, a last-minute will and the strange death of a person solely responsible for $190 million in assets. This is the story of QuadrigaCX, Canada’s largest crypto exchange.
On January 14, Gerald Cotten, the 30-year-old co-founder and CEO of Canad...
Decrypt reached out to Multichain for clarification on the issue of Zhaojun’s disappearance but did not receive a response from them.
The latest exploit again highlights the risk of cross-chain bridges, which have become a hotspot for hackers. DeFiLlama data shows that out of $5.44 billion hacked from DeFi protocols so far, bridges account for 48%, or $2.66 billion.
A white-hat hacker has returned 322 Ethereum (around $900,000) after an exploit drained Multichain users of more than $3 million worth of crypto this week.
Up to $1.5 million worth of Ethereum is still at large, however.
Multichain is a cross-chain router protocol that bridges users between thirty different blockchains, including Bitcoin, Ethereum, and Terra.
This week’s critical vulnerability appears to have affected six tokens on the protocol: Wrapped ETH (WETH), Peri Finance Token (PERI), O...
The protocol’s governance token, MULTI, lost 14.7% in the last 24 hours as the hack reports were circulated, according to CoinGecko.
Daily Debrief Newsletter
Start every day with the top news stories right now, plus original features, a podcast, videos and more.
