Cross-chain bridge protocol Multichain experienced one of the most significant security breaches of 2023 on July 7, with over $126 million in cryptocurrency drained from its bridges in what security researchers describe as either a sophisticated hack or an insider rug pull. The exploit sent shockwaves through the decentralized finance ecosystem and raised fresh questions about the security of cross-chain infrastructure.
The Exploit Mechanics
The attack targeted Multichain’s multi-party computation (MPC) key system, which functions similarly to a multisignature wallet. Instead of holding a single private key in one place, an MPC system splits the key into shards distributed among multiple parties, who must cooperate to execute transactions. In this case, the attacker gained control of enough MPC keys to approve unauthorized withdrawals on a massive scale.
Nearly $120 million was siphoned from Multichain’s Fantom bridge alone, with assets including wrapped Ether (wETH), wrapped Bitcoin (wBTC), and USDC. The Dogecoin bridge lost $666,000, representing 85% of its total deposits, while the Moonriver bridge was drained of $6.8 million in USDC and Tether. The attacker did not immediately swap centrally controlled assets like USDC, an unusual behavior that prompted speculation about insider involvement.
Affected Systems
The exploit impacted multiple blockchain bridges operated by Multichain. The Fantom bridge bore the brunt of the attack, with analysts tracking large, abnormal outflows beginning on July 6. The protocol’s MULTI token experienced a decline of approximately 12% following the incident as market confidence eroded.
Adding to the mystery, Multichain’s CEO, known only as Zhaojun, was reportedly arrested by Chinese police prior to the exploit. According to the Multichain team, Zhaojun’s family confirmed that police confiscated his computers, phones, and hardware devices. The team stated they could not contact him and had lost access to the platform’s MPC keys, creating a dangerous single point of failure.
The Mitigation Strategy
Circle and Tether responded swiftly by freezing addresses holding stolen USDC and USDT, preventing the attacker from moving those specific funds. A white-hat hacker returned 322 Ethereum, approximately $900,000 at the time, in an effort to help recover some of the stolen assets.
However, the damage was largely irreversible. On July 19, the Multichain team officially announced that the company had ceased operations. Zhaojun’s sister had reportedly transferred remaining platform funds to addresses she controlled, allegedly for asset preservation, before being taken into custody by Chinese police.
Lessons Learned
The Multichain exploit underscores the fundamental vulnerability of cross-chain bridges, which have become prime targets for hackers due to their large, centralized repositories of bridged assets. The incident highlighted several critical failures:
- Centralized key management: Despite using MPC technology, the keys were ultimately accessible through a single individual’s devices
- Lack of operational redundancy: The CEO’s arrest created an immediate operational crisis
- Insufficient transparency: Users had limited visibility into the protocol’s governance and key management practices
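The first failure above, and the shard model described under The Exploit Mechanics, can be checked mechanically: a threshold scheme is only as distributed as the custody of its shares. The Python sketch below is an added example, not Multichain's code; it uses Shamir secret sharing as a stand-in for the MPC scheme, and the 3-of-5 threshold, domain names and custody maps are constructed assumptions.

```python
import secrets
from collections import Counter

P = 2**127 - 1  # prime modulus for the toy field (stand-in scheme, not real MPC)

def split(secret, t, n):
    """Shamir-split `secret` into n shares; any t of them reconstruct it."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return [(x, f(x)) for x in range(1, n + 1)]

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over GF(P)."""
    secret = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = num * -xm % P
                den = den * (xj - xm) % P
        secret = (secret + yj * num * pow(den, -1, P)) % P
    return secret

def min_domains_to_threshold(custody, t):
    """Fewest control domains (person, device, site) that together hold >= t
    shares; None if all domains combined hold fewer than t."""
    held = 0
    counts = sorted(Counter(custody.values()).values(), reverse=True)
    for k, count in enumerate(counts, 1):
        held += count
        if held >= t:
            return k
    return None

# Constructed custody maps (share index -> control domain); not Multichain's layout.
T, N = 3, 5
CONCENTRATED = {1: "operator-laptop", 2: "operator-laptop", 3: "operator-laptop",
                4: "node-b", 5: "node-c"}
INDEPENDENT = {1: "org-a", 2: "org-b", 3: "org-c", 4: "org-d", 5: "org-e"}

def shares_in_domain(shares, custody, domain):
    return [s for s in shares if custody[s[0]] == domain]

if __name__ == "__main__":
    key = secrets.randbelow(P)
    seized = shares_in_domain(split(key, T, N), CONCENTRATED, "operator-laptop")
    print("domains to reach threshold:", min_domains_to_threshold(CONCENTRATED, T),
          "vs", min_domains_to_threshold(INDEPENDENT, T))
    print("single domain recovers key:", reconstruct(seized) == key)
```

A result of 1 from min_domains_to_threshold means the nominal 3-of-5 scheme has a single point of failure, whatever the share count suggests.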
User Action Required
Users who held funds on Multichain bridges should monitor blockchain explorers for any recovery efforts. With the protocol now defunct, affected users should document their losses for potential future recovery proceedings. Going forward, crypto users should carefully evaluate bridge protocols before depositing funds, prioritizing those with audited smart contracts, decentralized key management, and transparent governance structures. Diversifying across multiple bridges rather than concentrating assets in a single protocol remains one of the most effective risk mitigation strategies available.
Disclaimer: This article is for informational purposes only and does not constitute financial advice. Always conduct your own research before making investment decisions.
the dogecoin bridge lost $666k which was 85% of total deposits. literally almost everything gone. and the team response was basically nothing for 24 hours
the fact that $120M was on the fantom bridge alone tells you everything about where the liquidity was concentrated. one target, one set of keys
24 hours of silence from the team while $126M was draining. that alone told you everything about whether this was a hack or an inside job
the CEO literally disappeared around the same time. chinese media reported he was detained. so was it a hack or did he control enough MPC shards the whole time
Insider rug pull or hack, the end result is the same for users. The MPC key architecture was a single point of failure disguised as decentralization.
single point of failure is exactly right. MPC was marketed as distributed trust but if one party controls enough shards it's just a multisig with extra steps
wETH, wBTC, and USDC all drained in hours. if you still use bridges without checking their custody model after this one that's on you honestly
multichain bridge exploits in 2023 alone exceeded $500M total. at some point you stop blaming attackers and start questioning why bridge architecture is fundamentally broken
wormhole nomad harmony now multichain. the pattern is always the same: opaque custody model, team goes silent, funds gone. bridges remain the weakest link
Fantom DeFi never recovered from this. TVL went from over $1B to under $200M in weeks because the bridge was the only real on-ramp. basically killed the chain