The decentralized finance ecosystem suffered a devastating blow in early July 2023 when Multichain, one of the most widely used cross-chain bridge protocols, experienced a catastrophic exploit that saw more than $125 million siphoned from its bridges in a single day. The incident, which unfolded on July 6, sent shockwaves through the DeFi community and raised urgent questions about the security of cross-chain infrastructure.
TL;DR
- Multichain lost over $125 million in unauthorized withdrawals on July 6, 2023, with total losses eventually exceeding $230 million
- The Fantom bridge was hit hardest, accounting for nearly $120 million of the initial losses
- Stolen assets included DAI, LINK, USDC, WBTC, and wrapped ETH across multiple chains
- Circle and Tether froze stolen stablecoins, but only $7.6 million was recovered from July’s hacks combined
- July 2023 became the worst month for DeFi exploits in the year with $390 million in total losses
The Exploit Unfolds
On July 6, 2023, blockchain monitoring tools detected unusually large, unauthorized withdrawals from Multichain’s cross-chain bridges. Within hours, more than $125 million in various cryptocurrency tokens had been moved to addresses controlled by an unknown attacker. The stolen assets spanned multiple token types, including DAI, Chainlink (LINK), USDC, Wrapped Bitcoin (WBTC), and wrapped Ethereum (wETH).
The Fantom blockchain bridge bore the brunt of the attack, with nearly $120 million drained from that single bridge alone. Multichain, formerly known as Anyswap, operated as a cross-chain router protocol that facilitated token transfers across multiple blockchains — a critical piece of infrastructure in the increasingly fragmented DeFi landscape.
Multichain moved quickly to suspend all services following the discovery of the exploit, but the damage had already been done. In the days that followed, an additional $103 million in assets was reportedly moved, bringing the total losses from the incident to over $230 million by some estimates.
Access Control Failure at the Core
Initial analysis by blockchain security firms, including Chainalysis, pointed to an access control exploit as the root cause. The attacker appeared to gain control of Multichain’s administrative keys, which allowed them to authorize the massive withdrawals without triggering standard security checks. The nature of the attack raised immediate speculation about whether this was an external hack or an insider job — what the crypto community terms a “rug pull.”
Adding to the suspicion was the reported disappearance of Multichain’s CEO, known by the pseudonym “Zhaojun,” who became unreachable around the time of the exploit. The combination of admin key compromise and leadership unavailability fueled theories that the incident may have been an inside job rather than a sophisticated external attack.
Regardless of the ultimate cause, the exploit exposed a fundamental vulnerability in cross-chain bridge architecture. Unlike individual blockchains, which rely on decentralized consensus mechanisms for security, bridges often depend on centralized control elements — such as admin keys or multisig wallets — that create single points of failure.
Stablecoin Issuers Respond
In the aftermath of the exploit, both Circle (issuer of USDC) and Tether (issuer of USDT) took the unusual step of freezing stolen stablecoins held in the attacker’s wallets. This action, while controversial in some crypto circles, prevented the attacker from converting a portion of the stolen funds into other assets and effectively reduced the recoverable losses.
The intervention by stablecoin issuers highlighted a growing trend in the crypto industry: the use of centralized controls to mitigate the impact of decentralized exploits. While this approach can protect users from total losses, it also raises questions about the degree of centralization in supposedly decentralized systems.
July 2023: A Devastating Month for DeFi
The Multichain exploit was the largest in a devastating month for DeFi security. According to the De.Fi Rekt Report, July 2023 saw total losses of approximately $390 million across all crypto exploits — making it the worst month of the year for security incidents and significantly exceeding the $80 million lost in July 2022.
Ethereum was the most targeted blockchain, suffering $350.7 million in losses across 36 separate incidents. Other notable July exploits included the AlphaPo hack ($23 million), a Vyper reentrancy exploit that drained over $50 million from multiple DeFi protocols, and attacks on Era Lend ($3.4 million) and Conic Finance ($3.3 million).
The recovery rate for the month was dismal. Of the nearly $390 million lost, only $7.6 million was recovered — a sobering statistic that underscored the difficulty of tracing and retrieving stolen cryptocurrency assets once they’ve been moved through mixing services or cross-chain bridges.
Broader Implications for Cross-Chain Security
The Multichain exploit reignited the long-running debate about the security of cross-chain bridges, which have consistently ranked among the most vulnerable components of the DeFi ecosystem. From the Ronin Bridge hack ($625 million) to the Wormhole exploit ($325 million) and the Harmony Bridge attack ($100 million), bridges have repeatedly proven to be attractive targets for attackers.
The fundamental challenge is architectural. Cross-chain bridges must maintain liquidity pools on multiple blockchains and manage complex message-passing systems between them. This creates multiple attack surfaces — from smart contract vulnerabilities to key management failures — that individual blockchains don’t face. The Multichain incident served as yet another reminder that the convenience of cross-chain interoperability comes with significant security trade-offs.
Why This Matters
The Multichain exploit of July 2023 was more than just another DeFi hack — it was a wake-up call for an industry that was rapidly building interconnected infrastructure without adequate security foundations. As cross-chain bridges handle billions of dollars in daily transaction volume, the concentration of risk in these protocols represents a systemic threat to the entire DeFi ecosystem. The incident demonstrated that until bridge security can match the robustness of individual blockchains, the promise of a seamlessly interconnected multi-chain future will remain constrained by the weakest link in the chain.
Disclaimer: This article is for informational purposes only and does not constitute financial advice. Always do your own research before making investment decisions.
125M from Multichain and then another 103M in the following days. cross-chain bridges remain the weakest link in DeFi
Fantom bridge taking 120M of the 125M initial drain. one operator failure wiped out an entire chain’s DeFi scene. cross-chain is just concentrated risk with extra steps
padawan_404 one operator failure taking out an entire chain is exactly why native assets matter. every bridge is basically a multisig with extra steps and Fantom paid the tuition
bridge_audit_bro the Fantom bridge taking 120M of the 125M initial loss tells you how concentrated the risk was in one bridge operator
0xLattice.eth 120M on one bridge operator tells you the whole problem. cross-chain infrastructure was built on trust and nobody verified anything
Fantom bridge took 120M of the damage. FTM holders got wrecked for something they couldnt control
Min-Jun Park FTM holders couldnt control it but they sure paid for it. cross-chain risk is always someone elses failure landing on your portfolio
Min-Jun Park fantom holders paid for multichains incompetence. the protocol team basically vanished after the exploit
Jae-won K. the team vanishing after the exploit was the real story. no postmortem, no recovery plan, just silence. FTM holders deserved better than ghosts
Sora H. the silence was the worst part. no incident page, no discord announcement, just RPCs failing and balances draining. taught everyone to monitor bridge contracts themselves
only 7.6M recovered from all of Julys hacks combined. once the funds leave the bridge they are basically gone
390M total DeFi losses in July 2023 alone. worst month of the year for exploits. bridges need better security standards
Circle and Tether freezing 7.6M out of 390M in July losses. stablecoin freezes help but they are a bandaid on a bullet wound