What Happened

Multichain (Backtest 2023-06-01)

$126M|Smart Contract Exploit|July 6, 2023

Admin key compromise — CEO Zhaojun arrested by Chinese police, private keys to bridge wallets controlled by single person, funds drained from multiple bridge contracts across Fantom, Ethereum, and other chains

What Hindenrank Would Have Said

As of June 1, 2023

D
Risk Score
72/100

Very high risk — centralized key infrastructure contradicts decentralized security claims, with $1.5B at stake and a track record of exploits. The combination of opaque MPC node operations, China-based leadership, and ecosystem-critical dependency makes Multichain one of the highest systemic risks in DeFi.

Mechanism Novelty10/15
Interaction Severity20/20
Oracle Surface4/10
Documentation Quality8/10
Track Record13/15
Scale Exposure3/10
Regulatory Risk8/10
Protocol Vitality6/10

Grade Predicted This Failure

Flagged by dimensions: Mechanism Novelty, Interaction Severity, Track Record, Scale Exposure, Documentation Quality, Regulatory Risk

One or more collapse scenarios directly matched the actual failure mode.

Top Risks Identified

  1. 1.MPC key management relies on opaque node infrastructure with unverified operator diversity and no on-chain collateral requirements
  2. 2.Two prior exploits ($7.9M ECDSA key derivation in Jul 2021, $3M approval drain in Jan 2022) demonstrate recurring security failures
  3. 3.Critical single-point-of-failure risk: CEO controls cloud server infrastructure hosting MPC nodes, creating centralized custody despite decentralized claims
  4. 4.Massive honeypot ($1.5B TVL locked in bridge contracts) amplifies impact of any key compromise or operational failure
  5. 5.China-based team and leadership create elevated regulatory and operational risk given China's hostile crypto regulatory posture

Collapse Scenarios

Admin key compromise / centralized custody failure

Elevated
Trigger

CEO or singular infrastructure operator is compromised, arrested, coerced, or acts maliciously — gaining effective control over all MPC signing keys

Cascade
1.
MPC node infrastructure compromised through admin accessAttacker gains ability to sign arbitrary cross-chain transactions
2.
Funds drained from bridge lock contracts across multiple chainsHundreds of millions in locked collateral stolen
3.
All Multichain-wrapped tokens (anyUSDC, anyETH, etc.) become unbackedWrapped tokens depeg to zero across 40+ chains, cascading DeFi liquidations
4.
Ecosystem contagion — Fantom and other dependent chains lose stablecoin liquidityDeFi protocols on dependent chains freeze or collapse
Historical Precedent

Ronin bridge hack (March 2022) — $625M stolen via compromised validator keys; Harmony Horizon bridge (June 2022) — $100M stolen via 2-of-5 multisig compromise

Cryptographic implementation failure in MPC scheme

Moderate
Trigger

Flaw in SMPC implementation allows private key reconstruction from on-chain signatures, similar to the July 2021 ECDSA k-value reuse vulnerability

Cascade
1.
Attacker discovers cryptographic weakness in MPC signing schemePrivate key shares can be reconstructed from observed signatures
2.
Attacker reconstructs full signing authorityCan sign arbitrary transactions to drain bridge contracts
3.
Bridge contracts drained before team can respondTotal loss of locked collateral, all wrapped tokens become worthless
Historical Precedent

Anyswap V3 ECDSA exploit (July 2021) — $7.9M stolen using same R-value vulnerability, a flaw known since 2010

Chinese regulatory shutdown freezing all operations

Moderate
Trigger

Chinese authorities arrest team members or seize infrastructure hosting MPC nodes, rendering the bridge inoperable

Cascade
1.
Chinese police arrest CEO or raid offices/data centersMPC node infrastructure becomes inaccessible to remaining team
2.
Cross-chain bridge operations halt — no new transactions processedUser funds locked on source chains, anyToken holders stranded
3.
Market panic as bridge goes dark, MULTI token crashesNode operator incentives collapse, no recovery path
4.
Authorities may access private keys through seized infrastructureRisk of funds being permanently lost or confiscated by state actors
Historical Precedent

China crypto ban (2021) forced migration of mining operations; multiple Chinese crypto executives arrested in 2022-2023 crackdowns

See how today's protocols score

The same 8-dimension rubric applied to 672+ live protocols.

View LeaderboardAll Backtests