Head cross-chain bridges have accidents one after another, what can users do?

On July 7, tokens worth more than $100 million were withdrawn from the Multichain bridge on the Fantom network. The transferred tokens included stablecoin USDC worth $58 million, 1020 WBTC (about 7,200 WETH (about 13.7 million U.S. dollars) and 4 million U.S. dollars in stablecoin DAI (the above four tokens are worth more than 100 million U.S. dollars), which also includes other tokens such as Chainlink, Curve DAO, YFI, Wootrade Network, and UniDex. nearly a quarter of the supply. Assets also appear to be moving on Multichain's Moonriver bridge, including 4.8 million USDC and 1 million USDT. Dogechain also experienced abnormal fund flow, at least 660,000 USDC was sent to the same wallet as Moonriver's fund flow.

In this regard, Multichain tweeted that the locked assets on its MPC address have been abnormally moved to an unknown address. The team is not sure what happened and is currently investigating. It is recommended that all users suspend the use of Multichain services and revoke all Multichain-related contract authorizations.

Multichain events have different opinions

Odaily Planet Daily understands it through multiple channels, and has the following statements:

The security company Paidun questioned: This may be related to the cross-chain platform LayerZero adding support for four tokens (USDC, USDT, WETH, and WBTC), which overlap but are not completely consistent with the tokens being moved.

LayerZero CEO Bryan Pellegrino responded: This issue has nothing to do with the platform, and believes that this is a hack for Multichain. Multichain bridge users may withdraw assets, bringing them to LayerZero.

Igor Igamberdiev, director of research at Wintermute, said this was likely the work of whoever controls Multichain, as the funds on the Fantom side were not destroyed when the transaction occurred. Curiously, the wallet that received the large amount of USDC also made a transaction from the old Binance Smart Chain bridge a few hours ago.

Xinhuo Technology researcher 0x Loki said on Twitter: "Multichain attackers are most likely not hackers, and Multichain may have lost control of MPC multi-signature." The following three points are listed:

1. The transferor has enough time. Considering the technical characteristics of MPC, the transferor may have completely obtained the control of private key shards exceeding the threshold in some way.

2. The attack method is very simple, it is a simple transfer operation, there is no contract, and there are tests. The attacker is probably not a hacker.

3. The transferor has not carried out further disposal and realization, and the operator may not have absolute decision-making power.

At present, the truth of the incident still needs an official answer. Odaily Planet Daily checked the TVL changes of Multichain on DefiLlama and found that 99.76% of the funds have been withdrawn within 24 hours, indicating that users reacted relatively violently to this incident.

Cross-chain risks and self-rescue measures

Less than a week after the last Poly Network hack, Multichain, the leading project in the cross-chain bridge, once again had financial risk issues. At present, the cross-chain bridge has become the hardest hit area for security incidents such as hacker attacks. According to the 0xScope team in "Why are there so many accidents in the cross-chain bridge?" ", the cross-chain bridge capital risk is mainly reflected in three aspects:

1. In terms of recharge tokens: currency recharge contract authority loopholes, counterfeit currency recharge issues, and currency compatibility issues.

2. Cross-chain message transfer: coin-charging message monitoring and processing initiation, coin-charging correctness verification, and cross-chain processing confirmation.

3. Multi-signature verification problem: the degree of decentralization of multi-signature.

In the environment of Wanchain interconnection, as the key point of interconnection, the cross-chain bridge has accumulated a huge amount of funds, and its own complex technology, many technical links, and its frequent updates make it easy to be the first choice for hacker attacks. There must be loopholes in the project that have been exploited, and there is no guarantee that there will be no problems in the future for projects that have not had accidents. How should we save ourselves?

1. When an accident occurs, revoke the contract authorization of the cross-chain bridge as soon as possible to prevent further risk spread. You can revoke it through the approval checker in the browser of the blockchain where you are located. At the same time, it is recommended that you regularly review and clear some contracts that are useless to you Authorization, hackers often extract assets multiple times through loopholes in smart contracts.

2. Users with frequent cross-chain needs need to pay close attention to the relevant information of cross-chain bridges, such as risk warnings from security companies, upgrades of official notices, etc., and be prepared for the first time.

As a participant of the cross-chain bridge LP, in the face of such incidents, it is necessary to actively communicate with the project party, and the locked assets must be recorded well and wait for the solution afterwards.