Cross-chain router protocol Multichain has been exploited for nearly $130 million after an attacker siphoned capital out of numerous token bridges.
"The lockup assets on the Multichain MPC address have been moved to an unknown address abnormally," Multichain wrote on Twitter. "The team is not sure what happened and is currently investigating. It is recommended that all users suspend the use of Multichain services and revoke all contract approvals related to Multichain."
The unexpected outflows stripped Multichain’s Fantom bridge of nearly its entire holdings in wBTC, USDC, USDT and a handful of altcoins. Together, the assets were worth over $130 million. On-chain sleuths described the activity as highly unusual; Fantom Foundation CEO Michael Kong told CoinDesk he was “looking into it.”
Multichain has been under pressure for over a month because of failing tech and its AWOL CEO. The trio of unexplained outflows from Multichain’s Fantom, Moonriver and Dogecoin bridge contracts sparked fears on crypto Twitter that a hack could be afoot. Multichain could not immediately be reached for comment.
Binance CEO Changpeng 'CZ' Zhao said that the exploit does not impact Binance users.
"Looks like another hack happened on Multichain. This DOES NOT affect users on Binance itself. We have swapped all assets out and closed deposits a while back. Regardless, we offer our assistance in helping with the situation," CZ wrote on Twitter.
UPDATE (July 7, 2023, 09:17 UTC): Updates headline and adds context on the exploit throughout.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.