Lessons from the aftermath of the Multichain Bridge fiasco
For those who don't know, rumors have been circulating about the arrest of Multichain team members by Chinese authorities, along with reports that law enforcement has gained control of a wallet holding over $1.6 billion. Multichain was previously known as Anyswap; it changed its name after an $8 million exploit.
To understand why this is a big deal and how law enforcement could have access to the funds, we need to understand how the bridge actually works. For chains that have natively issued pegged assets, Multichain acts as an exchange between those assets. The main issue arises when the destination chain doesn't have the pegged asset natively. In such cases, Multichain accepts the deposit of the asset on the source chain and issues its own tokens on the destination chain, which are meant to be redeemable for the real asset on the source chain.
One of the most prominent examples is USDC on the Fantom blockchain. Circle doesn't issue USDC on Fantom, so Multichain created its own pegged USDC backed by the real USDC. According to reports, 40% of all Fantom assets, excluding its native token, are issued by Multichain. Fantom suffered a severe blow from this news: the USDC on Fantom de-pegged and was available for as low as $0.6-$0.7.
What can we learn from this?
The fewer the layers, the better. Try not to hold pegged assets, and instead hold the original assets on the original chain. Doing so reduces the number of points of failure: the more layers there are, the greater the chance that any one of them is compromised or exploited. Even Vitalik says.