The decentralized finance ecosystem suffered a devastating blow in early July 2023 when Multichain, one of the most widely used cross-chain bridge protocols, experienced a catastrophic exploit that saw more than $125 million siphoned from its bridges in a single day. The incident, which unfolded on July 6, sent shockwaves through the DeFi community and raised urgent questions about the security of cross-chain infrastructure.
TL;DR
- Multichain lost over $125 million in unauthorized withdrawals on July 6, 2023, with total losses eventually exceeding $230 million
- The Fantom bridge was hit hardest, accounting for nearly $120 million of the initial losses
- Stolen assets included DAI, LINK, USDC, WBTC, and wrapped ETH across multiple chains
- Circle and Tether froze stolen stablecoins, but only $7.6 million was recovered from July’s hacks combined
- July 2023 became the worst month for DeFi exploits in the year with $390 million in total losses
The Exploit Unfolds
On July 6, 2023, blockchain monitoring tools detected unusually large, unauthorized withdrawals from Multichain’s cross-chain bridges. Within hours, more than $125 million in various cryptocurrency tokens had been moved to addresses controlled by an unknown attacker. The stolen assets spanned multiple token types, including DAI, Chainlink (LINK), USDC, Wrapped Bitcoin (WBTC), and wrapped Ethereum (wETH).
The Fantom blockchain bridge bore the brunt of the attack, with nearly $120 million drained from that single bridge alone. Multichain, formerly known as Anyswap, operated as a cross-chain router protocol that facilitated token transfers across multiple blockchains — a critical piece of infrastructure in the increasingly fragmented DeFi landscape.
Multichain moved quickly to suspend all services following the discovery of the exploit, but the damage had already been done. In the days that followed, an additional $103 million in assets was reportedly moved, bringing the total losses from the incident to over $230 million by some estimates.
Access Control Failure at the Core
Initial analysis by blockchain security firms, including Chainalysis, pointed to an access control exploit as the root cause. The attacker appeared to gain control of Multichain’s administrative keys, which allowed them to authorize the massive withdrawals without triggering standard security checks. The nature of the attack raised immediate speculation about whether this was an external hack or an insider job — what the crypto community terms a “rug pull.”
Adding to the suspicion was the reported disappearance of Multichain’s CEO, known by the pseudonym “Zhaojun,” who became unreachable around the time of the exploit. The combination of admin key compromise and leadership unavailability fueled theories that the incident may have been an inside job rather than a sophisticated external attack.
Regardless of the ultimate cause, the exploit exposed a fundamental vulnerability in cross-chain bridge architecture. Unlike individual blockchains, which rely on decentralized consensus mechanisms for security, bridges often depend on centralized control elements — such as admin keys or multisig wallets — that create single points of failure.
Stablecoin Issuers Respond
In the aftermath of the exploit, both Circle (issuer of USDC) and Tether (issuer of USDT) took the unusual step of freezing stolen stablecoins held in the attacker’s wallets. This action, while controversial in some crypto circles, prevented the attacker from converting a portion of the stolen funds into other assets and effectively reduced the recoverable losses.
The intervention by stablecoin issuers highlighted a growing trend in the crypto industry: the use of centralized controls to mitigate the impact of decentralized exploits. While this approach can protect users from total losses, it also raises questions about the degree of centralization in supposedly decentralized systems.
July 2023: A Devastating Month for DeFi
The Multichain exploit was the largest in a devastating month for DeFi security. According to the De.Fi Rekt Report, July 2023 saw total losses of approximately $390 million across all crypto exploits — making it the worst month of the year for security incidents and significantly exceeding the $80 million lost in July 2022.
Ethereum was the most targeted blockchain, suffering $350.7 million in losses across 36 separate incidents. Other notable July exploits included the AlphaPo hack ($23 million), a Vyper reentrancy exploit that drained over $50 million from multiple DeFi protocols, and attacks on Era Lend ($3.4 million) and Conic Finance ($3.3 million).
The recovery rate for the month was dismal. Of the nearly $390 million lost, only $7.6 million was recovered — a sobering statistic that underscored the difficulty of tracing and retrieving stolen cryptocurrency assets once they’ve been moved through mixing services or cross-chain bridges.
Broader Implications for Cross-Chain Security
The Multichain exploit reignited the long-running debate about the security of cross-chain bridges, which have consistently ranked among the most vulnerable components of the DeFi ecosystem. From the Ronin Bridge hack ($625 million) to the Wormhole exploit ($325 million) and the Harmony Bridge attack ($100 million), bridges have repeatedly proven to be attractive targets for attackers.
The fundamental challenge is architectural. Cross-chain bridges must maintain liquidity pools on multiple blockchains and manage complex message-passing systems between them. This creates multiple attack surfaces — from smart contract vulnerabilities to key management failures — that individual blockchains don’t face. The Multichain incident served as yet another reminder that the convenience of cross-chain interoperability comes with significant security trade-offs.
Why This Matters
The Multichain exploit of July 2023 was more than just another DeFi hack — it was a wake-up call for an industry that was rapidly building interconnected infrastructure without adequate security foundations. As cross-chain bridges handle billions of dollars in daily transaction volume, the concentration of risk in these protocols represents a systemic threat to the entire DeFi ecosystem. The incident demonstrated that until bridge security can match the robustness of individual blockchains, the promise of a seamlessly interconnected multi-chain future will remain constrained by the weakest link in the chain.
Disclaimer: This article is for informational purposes only and does not constitute financial advice. Always do your own research before making investment decisions.
Fantom bridge losing 120m out of 125m total. that chain was basically running on multichain liquidity and they just pulled the plug on the whole thing
Circle and Tether freezing the stablecoins was the right move, but 7.6m recovered out of 390m in July alone is a brutal recovery rate.
Anyswap rebranding to Multichain didnt fix the underlying issues, just gave everyone a false sense of security. Same team, same keys
^ exactly. they had that same vulnerability pattern from the 2021 exploit too. never learn