Over $130M exploited through Multichain Bridges on Fantom, Moonriver, and Dogechain.

Cross-chain router protocol Multichain has been exploited for nearly $130 million after an attacker siphoned capital out of numerous token bridges.

“The lockup assets on the Multichain MPC address have been moved to an unknown address abnormally,” Multichain wrote on Twitter . “The team is not sure what happened and is currently investigating. It is recommended that all users suspend the use of Multichain services and revoke all contract approvals related to Multichain.”

The unexpected outflows stripped Multichain’s Fantom bridge of nearly its entire holdings in wBTC, USDC, USDT and a handful of altcoins. Together, the assets were worth over $130 million. On-chain sleuths described the activity as highly unusual; Fantom Foundation CEO Michael Kong told blockchain he was “looking into it.”

Multichain has been under pressure for over a month because of failing tech and its AWOL CEO. The trio of unexplained outflows from Multichain’s Fantom, Moonriver and Dogecoin bridge contracts sparked fears on crypto Twitter that a hack could be afoot. Multichain could not immediately be reached for comment.

Binance CEO Changpeng ‘CZ’ Zhao said that the exploit does not impact Binance users.

“Looks like another hack happened on Multichain. This DOES NOT affect users on Binance itself. We have swapped all assets out and closed deposits a while back. Regardless, we offer our assistance in helping with the situation,” CZ wrote on Twitter .

Assets transferred out of the Multichain Fantom bridge, with at least $20 million of the altcoins including DAI, LINK and USDT going to 0x9d57 . Other transfers saw outbound moves of 1,023 wBTC (~$30.9 million) 7,214 wETH (~$13.6 million), and $57 million USDC between two separate addresses.

Multichain’s Moonriver bridge contract has seen $6.8 million in token outflows with nearly all its wBTC, USDT, USDC and DAI going to 0x48BeAD . An address identified as Mulitchain’s Dogecoin bridge has seen over $600,000 in outflows of USDC.

UPDATE (July 7, 2023, 09:17 UTC): Updates headline and adds context on the exploit throughout.

Edited by Danny Nelson and James Rubin.