Unveiling the MultiChain Bridge Exploit: A Detailed Analysis

Uncover the secrets behind the MultiChain Bridge exploit and discover how advanced security measures can protect the DeFi ecosystem.

July 8, 2023

As we continue to examine the sophisticated web of the recent MultiChain Bridge exploit, it becomes crucial to dissect critical details. This article seeks to decode the functionality of the MultiChain Bridge, explore the role of multi-party computation (MPC), touch upon the history of bridge hacks, and delve into our investigative findings of the recent exploit. Moreover, we will highlight how Ironblocks’ solutions can significantly contribute to preventive measures in such situations.

Understanding MultiChain

MultiChain acts as a bridge between blockchains, using distributed MPC nodes to sign transfer/minting transactions directed to its bridge/router contracts. This mechanism facilitates the secure transfer of funds across various blockchains. While we won’t delve into the operational intricacies of the bridge’s contracts and protocol in this article, understanding MultiChain’s basic functionality is essential to comprehend the nuances of the exploit.

Decoding MPC

Multi-party computation (MPC) is a distributed mechanism that enables a group of n parties to collectively sign a cryptographic message, with a threshold t of those parties required (t < n). In the context of MultiChain, it’s employed for transaction signing.

The History of Bridge Hacks: A Snapshot

Collectively, bridge exploits have resulted in the loss of over $2.6 billion USD across 15 incidents. MultiChain, formerly known as Anyswap, has unfortunately been a regular target, suffering three known exploits, including the current one, along with a critical vulnerability found in their MPC node mechanism in December 2022.

The Recent Exploit: Key Facts

The exploit in question commenced around 16:30 UTC on July 6th and spanned approximately three hours. It targeted multiple bridge contracts (Fantom, Moonriver, old BSC), leading to a loss exceeding $127 million USD.

Ongoing investigations suggest that MultiChain’s MPCs were compromised, possibly through exploitation of the ceremony process, inadequate randomness in the sharing process, or even a standard Web2 exploit that resulted in control of a sufficient threshold. The immediate call to action is to revoke approvals on the bridges as quickly as possible.

The Role of Ironblocks

Ironblocks’ Security Suite includes a bridge detection and prevention mechanism. It monitors the absolute value balance on the bridge and is capable of triggering an automatic response tailored to the severity level of each incident. This occurs without compromising the decentralization of the network or the separation of roles.
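
A sketch of the balance monitoring with severity-tiered responses described above. This is an added example, not Ironblocks' code: the tier thresholds, response names, three-hour window, and sample balances are assumptions constructed for illustration.

```python
from collections import deque
from typing import NamedTuple, Optional

# Assumed tiers: (minimum drawdown from window peak, severity, response).
# Thresholds and response names are illustrative only.
TIERS = [
    (0.50, "critical", "pause_bridge"),
    (0.20, "high", "rate_limit_withdrawals"),
    (0.05, "medium", "alert_on_call"),
]

class Finding(NamedTuple):
    timestamp: int
    severity: str
    response: str
    drawdown: float

class BalanceMonitor:
    """Flags drawdown of a bridge balance from its peak inside a sliding window."""

    def __init__(self, window_seconds: int = 3 * 3600):
        self.window = window_seconds
        self.samples = deque()      # (timestamp, balance) pairs inside the window
        self.active = None          # severity tier currently in effect, if any

    def observe(self, timestamp: int, balance: float) -> Optional[Finding]:
        self.samples.append((timestamp, balance))
        while self.samples[0][0] < timestamp - self.window:
            self.samples.popleft()
        peak = max(b for _, b in self.samples)
        drawdown = (peak - balance) / peak if peak > 0 else 0.0
        severity, response = next(
            ((s, r) for limit, s, r in TIERS if drawdown >= limit), (None, None))
        changed = severity != self.active
        self.active = severity
        # Emit only when the tier changes, so a sustained drain is not re-alerted.
        if severity and changed:
            return Finding(timestamp, severity, response, round(drawdown, 3))
        return None

# Constructed sample: balance in millions of USD, sampled every 30 minutes.
SAMPLES = [(0, 130), (1800, 129), (3600, 120), (5400, 100),
           (7200, 60), (9000, 20), (10800, 3)]

def run(samples):
    monitor = BalanceMonitor()
    return [f for t, b in samples if (f := monitor.observe(t, b))]
```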

In the ever-evolving realm of blockchain, security continues to pose significant challenges, with recurring exploits underscoring the necessity for advanced protective solutions. Yet, each challenge provides a learning opportunity to grow, innovate, and build a safer, more secure future for the web3 ecosystem. Ironblocks is committed to being a part of this journey, bringing to bear our expertise to tackle these issues and contribute to a resilient DeFi landscape.