In July 2023, an estimated $126 million in various tokens were withdrawn from Multichain bridges. The incident was believed to be a hack, but the cause is currently unknown.
Inside the Attack
In July 2023, Multichain experienced a hack that involved the withdrawal of an estimated $126 million in assets. Affected tokens included DAI, Link, USDC, WBTC and wETH.
Shortly after the attack, Multichain recommended that users stop using the service and revoke any existing approvals. The transfers of funds were described as “unauthorized”, but the means by which the hack was carried out was unknown.
One theory for the hack is that it involved a compromise of the private keys used to approve transactions traveling over the bridge. This is based on the fact that the attack impacted multiple bridges and does not obviously relate to vulnerabilities discovered during the project’s smart contract audits.
Lessons Learned From the Attack
The cause of the Multichain attack is unknown and may relate to the technical issues experienced by the project after its CEO went missing over a month earlier. If this is the case, it indicates potential security risks related to the centralization of power and control in a single individual.
Protecting against major hacks requires auditing both smart contract vulnerabilities and project architectures to help identify and fix these types of complex issues. For help in securing your DeFi project, get in touch with Halborn.