Multichain, a cross-chain router, announced that it had recovered more than $3 million AUD from recent exploits.
Multichain protocol bounces back from hacks
Although you read plenty about hacks in the crypto world – such as this $20 million exchange hack – you rarely hear success stories of how exploits get recovered and protocols strike back against hackers. However, Multichain protocol, which calls itself the “ultimate cross-chain router for Web3,” is one such example of a success story.
The protocol got exploited on January 10, 2022, but now announced that it had recovered more than half of the stolen funds. Initially, Multichain received an alert from Dedaub, a blockchain security company, that its liquidity pools and router contracts contained two security leaks that could get exploited. These affected Wrapped Ether, Wrapped BNB, MATIC, and AVAX.
The protocol advised its users to withdraw from the vulnerable contracts, which prompted only another attack, totaling the protocol’s losses to over $4 million AUD. Even though Multichain patched the security leak by transferring the liquidity to new smart contracts, it announced that risk remained for users that had not revoked approvals for the compromised contracts. 4,861 addresses had revoked approvals, but 3,101 had not. For those 3,101 addresses, Multichain had a compensation plan that reimbursed the users, which happened until February 18.
Multichain also set up policies to avoid similar incidents in the future. For instance, it conducted extra rounds of security audits on contracts and cross-chain bridges and promised that the team would enhance the security infrastructure on the cross-chain bridge architecture. Multichain also plans to install a security fund, although it needs to be approved via a community vote first. The fund would be in charge of rescue schemes in case of asset loss, with rewards between $650 AUD and $1.3 million AUD for members identifying vulnerabilities before they are exploited. Multichain also thanked security firm Dedaub for their work, rewarding them with $1.3 million AUD for each identified vulnerability.
Risks of a multichain future
Although this incident ended with a happy end for Multichain, the multichain future may not be that bright from a security standpoint. Only recently, Wormhole, a popular bridge between different big blockchains like Ethereum, Solana, terra, and others, was exploited for a cool $611 million ($852 million AUD). Although the fund behind Wormhole refunded the loss, it would be naive to think bridges will be that lucky every time.
The truth is that even though a multichain future may look like a utopia now, the road to getting there will be arduous and beset with security leaks and hacks. Bridges are some of the most vulnerable points in the current blockchain architecture since they connect two ecosystems built on an emergent technology like the blockchain. Naturally, security best practices are scarce, and leaks abound at this early stage of development.
Rather than being scared by this prospect, developers should see hacks and leaks as a chance to learn and improve. Safe internet protocols did not emerge overnight and neither will the multichain future.