paint-brush
Multichain Hack and Its Consequencesby@sirfedos
6,041 reads
6,041 reads

Multichain Hack and Its Consequences

by Sir FedosJuly 11th, 2023
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Multichain Bridge has been hacked with a loss of $126m, still, there are no details about how it happened. Part of the funds is frozen, but how does it affect the Fantom chain and $FTM?
featured image - Multichain Hack and Its Consequences
Sir Fedos HackerNoon profile picture

In this article, I want to share details about the recent Multichain hack and if it affected the Fantom chain or how it affected ordinary investors. All stated are my thoughts on the situation and observations from public sources.

About Mutlichain

Multichain (previously AnySwap) - is an infrastructure developed for arbitrary cross-chain interactions. It supports more than 25 chains and more than 1100 tokens; that sounds solid.


There is one more interesting fact: Multichain is an issuer of $USDC, $DAI, and $fUSDT stablecoins on the Fantom chain. And it was the only bridge available to transfer funds to/from Fantom before modern omnichain solutions such as LayerZero came.


I’ve been using Multichain a few times and my personal experience wasn’t very smooth.

What happened?

Bridge solutions have shown their vulnerability numerous times before, and this type of news is not something new for a person who has followed crypto news for at least a year. On the 7th of July 2023, Multichain Bridge was hacked with a loss of $126m; still, there are no details about how it happened.


Here is the screenshot of the latest hacks that happened in blockchain, including the Multichain:


The reason is stated as “Private Key Compromised (Unknown Method)”. Official statements on Multichain’s Twitter:

So, “something happened”, the bridge stopped, and $126m was lost. There wasn’t any update since these two tweets from the Multichain.


The only actor who cares and keeps the community updated here is the Fantom Foundation. They tweeted about the Multichain hack even before Multichain did lol.

Another interesting misleading statement from the Fantom Foundation:

One question that comes to my mind after reading the tweets above: is Multichain managed by Fantom Foundation?


And unfortunately, this hack affected the Fantom chain in general and the $FTM token as well. Some people were trying to save their investments and transfer funds to another chain, some were shorting $FTM. As a result, the price went down. Regarding the chain itself, all of the lending/borrowing protocols were stopped because of the depeg of 3 stablecoins on the chain that were operated by Multichain. Total TVL of the chain reduced by about $40m in a few days due to Defillama


What about Circle (USDC), Tether (USDT), and Maker (DAI)?


There wasn’t any announcement on the official Twitter accounts of these stablecoins. They decided to not “spoil” their feed with the news that their tokens cost $0.3-$0.5 instead of $1 on the Fantom chain.


Later on, we got an update from Tether and Circle regarding the freezing of stolen tokens but posted again by Fantom Foundation:

Thankfully, about $62.5m has been frozen…but what about the other $63.5m and the total depeg of tokens?

Conspiracy Personal Observations

When the hack happened, firstly, I went to the SpookySwap, as they had integrated the Multichain bridge on their DEX, to check what was going on there. The bridge was disabled, but I’ve found an integration with Axelar Bridge instead. It got released just the day before the hack happened and was the last way to get money out of Fantom. Also, the launch of Axelar added axlUSDC and other wrapped tokens to the Fantom chain, providing an alternative to depegged coins.

What if I tell you Axelar is not the only one who launched on Fantom on the same day? Please, welcome LayerZero and Stargate!

We have two big protocols coming to the Fantom chain with their own wrapped versions of stablecoins and cross-chain solutions just before the hack that would cause depeg of current Fantom’s stables and leave the network without connection with other chains.


So you either bridge your leftovers using Axelar/LayerZero or swap depegged assets into a wrapped one of your choice with a loss of 50%-70% but on the same chain. Sounds tasty, isn’t it?

Conclusion

All in all, I think we have something more than an ordinary bridge hack here. Worth mentioning that stolen funds were transferred to different addresses once and stayed there, not withdrawn through mixer or CEXes. But the reality stays the same: everyone who had stables on the Fantom chain became exit liquidity and would become intro liquidity for new cross-chain protocols. The question is how soon it would happen again with these “new” stablecoins and if new solutions are decentralized enough. As we see, the hack of one bridge (Multichain) caused such massive harm to the Fantom chain because of TVL loss, token dump, halt of lending protocols, and stablecoins depeg, which shows kind of a centralized approach.