Multichain Suffers $126M Exploit
Multichain, a cross-chain bridge that connects Ethereum, Bitcoin, and Dogechain to each other, suffered a $120 million hack, with the attacker moving funds from its Fantom and Moonriver bridge.
What is Multichain?
Multichain, formerly known as Anyswap, is a cross-chain bridge that connects blockchains including Ethereum, Bitcoin, and even Dogechain to each other.
What happened?
The company has suffered a $120 million hack with the attacker moving funds from its Fantom and Moonriver bridge. Following the incident, Multichain advised users to revoke all approvals related to the protocol.
Multichain said it was experiencing unusual activity on Thursday evening and added that assets had “been moved to an unknown address abnormally.” Blockchain security firm PeckShield found that the stolen funds included several stablecoins, including Tether, Circle’s USDC, Dai, Chainlink, Wrapped Bitcoin (WBTC), and Wrapped Ether (WETH).
The funds were transferred to six different addresses, three of which were subsequently blacklisted by Circle, according to PeckShield. Later, Tether followed suit and froze two accounts. Circle and Tether have frozen close to half of the stolen funds.
The most affected were tokens moving from the Fantom (FTM) blockchain to either Ethereum or the Binance Smart Chain. That liquidity pool on the Multichain bridge suffered the largest loss, with about $118 million transferred out of it. Transfers out of the Dogecoin and Moonriver blockchains were also affected.
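The advice above to revoke all approvals comes down to finding every token on which a wallet still grants the bridge a non-zero ERC-20 allowance and resetting it to zero. The following sketch is an added example, not Multichain's or any wallet's code: it replays Approval event logs to find live approvals and builds the approve(spender, 0) calldata. All addresses and log entries in it are constructed placeholders, and the helper names are hypothetical.

```python
# Added illustration; every address and log entry here is a constructed placeholder.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")
# Hypothetical user wallet, approved bridge router, and an unrelated spender.
OWNER, SPENDER, OTHER = ("0x" + b * 20 for b in ("11", "22", "33"))
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20

def _log(token, block, index, spender, value):
    """Build one constructed ERC-20 Approval log in JSON-RPC-like shape."""
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"address": token, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(OWNER), pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    _log(TOKEN_B, 105, 0, SPENDER, 0),           # later revocation of token B
    _log(TOKEN_A, 100, 0, SPENDER, 2**256 - 1),  # unlimited approval, never revoked
    _log(TOKEN_B, 101, 2, SPENDER, 500),
    _log(TOKEN_A, 102, 1, OTHER, 10**18),        # different spender, out of scope
]

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner, spender):
    """Replay Approval logs in chain order; the last value per token wins."""
    owner, spender = owner.lower(), spender.lower()
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but carries 4 topics; skip anything else.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner or topic_to_address(topics[2]) != spender:
            continue
        latest[log["address"].lower()] = int(log["data"], 16)
    # transferFrom can lower an allowance without an Approval log, so this is an upper bound.
    return {token: value for token, value in latest.items() if value > 0}

def revoke_calldata(spender):
    """Calldata for approve(spender, 0), to be sent to each listed token contract."""
    return "0x" + APPROVE_SELECTOR + spender.lower()[2:].rjust(64, "0") + "0" * 64

if __name__ == "__main__":
    for token in outstanding_approvals(SAMPLE_LOGS, OWNER, SPENDER):
        print(token, revoke_calldata(SPENDER))
```

Because the replay only gives an upper bound, confirm each result with the token's allowance(owner, spender) call before and after sending the revocation.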
Attack Vector
While the exact attack vector is still to be determined, the behavior of transactions appears to suggest that an attacker was able to control the addresses directly.
Plausible methods of gaining access include a back-end breach, obtaining private keys via spearphishing, or the actions of a malicious insider.
Its smart contract auditor, CertiK, tied the attack to a private key compromise, adding that this was outside the scope of its earlier audit.
On-chain sleuth Loki Zeng corroborated this view, noting that the asset transfer lasted for a long time. Zeng added that the attacker might have somehow obtained complete control of the protocol’s private key fragments exceeding the threshold.
The Missing CEO
The team behind the bridge announced in late May that it could not contact its CEO and co-founder, Zhaojun, after rumors of his arrest in China appeared on Twitter. Zhaojun held the only access codes required to fix technical issues with the protocol.
Multichain currently has $1.26 billion worth of cryptocurrencies locked into its system, according to DefiLlama. All bridge transactions are stuck on source chains because the company has halted operations.
The Phishing Scam that followed
Shortly after the Multichain hack, scammers started spreading a phishing link on Twitter.
A fraudulent offer of a Fantom distribution to users, falsely linked to the Multichain attack, is spreading rapidly on Twitter and has attracted significant attention from Twitter users.
In the last few hours of this campaign, the announcement with a fake invitation to a reimbursement program and a phishing link was retweeted over 6,000 times.
https://twitter.com/FantomFNlD/status/1677417372771049479
“Due to the Multichain hack, Fantom Foundation is issuing an emergency FTM distribution to all users. All users who have interacted with the FTM chain are eligible to claim.”
Further Reading
https://rekt.news/multichain-rekt2/
https://cryptoslate.com/multichain-halts-services-after-126m-exploit/
https://www.cryptotimes.io/hack-alert-multichain-devs-find-cross-bridge-vulnerability/
https://cryptoslate.com/circle-tether-freeze-over-half-of-the-126m-assets-stolen-from-multichain-breach/
https://u.today/scam-alert-multichain-hack-victims-targeted-by-fantom-ftm-impersonators