Cross-chain router Multichain developers have confirmed an exploit that impacted $130 million in user-supplied tokens and cautioned users against using its service, as per Friday tweets.
Developers said Friday that the team “is currently investigating.”
“It is recommended that all users suspend the use of Multichain services and revoke all contract approvals related to Multichain,” they said. “The Multichain service stopped currently, and all bridge transactions will be stuck on the source chains. There is no confirmed resume time.”
Multichain’s MULTI tokens have slipped 13% in the past 24 hours.
Bridges such as Multichain allow users to transfer tokens between different networks. These are a key, yet highly vulnerable, part of the crypto ecosystem with $2.66 billion being lost to bridge-based exploits in the past years, according to DefiLlama.
Late on Thursday, Multichain experienced outflows totaling nearly $130 million worth of different tokens across its bridges on blockchain networks Fantom, Moonriver and Dogechain.
On-chain analytics firm Lookonchain estimated $62 million worth of USD coin (USDC), $31 million in wrapped bitcoin (wBTC) and $13 million in wrapped ether (wETH) made up the largest stolen amounts, citing blockchain data.
Stolen tokens have not been sent to exchanges or passed through mixing services such as Tornado Cash as of Asian afternoon hours on Friday.
Meanwhile, related tokens slumped in the past 24 hours amid a broader market decline.
Fantom (FTM) dropped 9.9% even as developers addressed concerns among community members. “For the avoidance of doubt, FTM was never issued or managed by Multichain, so wFTM, FTM ERC-20, and FTM on Opera are not affected,” Fantom Foundation tweeted.
Moonriver’s MOVR tokens fell 13% while lesser-known dogechain (DC) tokens dropped 10%, CoinGecko data shows. Dogechain developers confirmed the network wasn’t directly impacted, but asked users to revoke permissions to Multichain’s Dogechain bridge.
Edited by Oliver Knight.