Multichain (formerly Anyswap): Private Key Compromise (MPC Address) — suspected backend breach or insider
Multichain's MPC bridge addresses on Fantom and Moonriver were drained for $126M in what appears to be a backend or insider key compromise — months after the team warned of "force majeure" and the CEO was reportedly arrested.
Summary #
Multichain (formerly Anyswap) suffered a Cross-chain Bridge on 2023-07-07, resulting in a loss of approximately $126M.
What happened #
Multichain's MPC bridge addresses on Fantom and Moonriver were drained for $126M in what appears to be a backend or insider key compromise — months after the team warned of "force majeure" and the CEO was reportedly arrested.
Linked factors #
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
- RD-F-027 — causal : ★ Single admin EOA — when value mentions key compromise [via realtime_signals/Governance/admin action (Y/N): Y — MPC key control centralized in compromised party]
- RD-F-098 — illustrative : TVL anomaly — % drop in <1h vs 30d baseline [via realtime_signals/TVL exit early (Y/N): Y — some TVL flight post-force-majeure in May]
- RD-F-101 — illustrative : Large governance proposal queued — RT signal would have fired [via realtime_signals/Governance/admin action (Y/N): Y — MPC key control centralized in compromised party]