Will Fontom be able to withstand the chain reaction caused by the Multichain turmoil?

Can Fontom handle the Multichain turmoil?

Original: “The Disaster of Fantom’s Fish Pools: How Serious Are the Vulnerabilities? Can They Save Themselves?”

Author: Azuma

Affected by the Multichain incident, Fantom is also in a dangerous situation.

As Fantom uses Multichain as the main cross-chain bridge in its ecosystem, the impact of the Multichain fund vulnerability (where $126 million was transferred out on July 7th, with about $118 million assets transferred from the Multichain Fantom bridging contract) directly affects Fantom.

The most obvious manifestation is that the stablecoins issued by Multichain bridging contracts on Fantom have experienced a significant deviation from their peg. According to SpookySwap, as of the time of writing, USDC-MULTI, fUSDT-MULTI, and DAI-MULTI (the Multichain bridged stablecoins) are all priced at around $0.27.

Although Fantom has frozen $62 million of funds such as USDC and USDT by contacting stablecoin issuers like Circle and Tether, due to the fact that nearly half of the funds in the $118 million hole are pure on-chain assets such as WETH and WBTC that cannot be frozen, it is difficult to recover this $56 million shortfall in the short term through similar means.

In addition, considering that Multichain’s recent official disclosure stated that Zhaojun’s sister, a co-founder, is also missing, there is uncertainty regarding the subsequent transfer of the $151 million funds to two EOA wallets (0x1eed63efba5f81d95bfe37d82c8e736b974f477b; 0x48bead89e696ee93b04913cb0006f35adb844537) on July 9 for asset preservation purposes. Even if the loss of control over the funds is not a concern, it is highly likely that it will be difficult to handle this amount of money in the short term. Therefore, this portion of the funds can also be considered as a shortfall for the time being.

In short, the current situation is that the Fantom ecosystem bears a certain shortfall of $56 million due to this incident, as well as a potential shortfall of $151 million.

Lesson Learned from Harmony

We can find some shadows of Fantom’s current situation from Harmony’s experience a year ago.

In June 2022, Harmony’s official cross-chain bridge, Horizon, was hacked, resulting in a loss of approximately $100 million. Although Harmony has tried various ways to recover the stolen funds, it ultimately had no success.

Since the stablecoins on the Harmony chain are primarily issued through the Horizon bridging contract, a significant deviation from their peg also occurred. This is similar to Fantom’s current situation. Perhaps the only “fortunate” aspect is that, compared to Harmony, which had to bear the responsibility for compensation due to its own mistakes, Fantom can only be considered an indirect party responsible for Multichain.

However, on the other hand, Fantom chose Multichain as the main cross-chain bridge, which is equivalent to putting the ecosystem security in a dangerous position (Zhaojun’s personal server), and this choice itself is worth discussing.

The detachment of stablecoins from their anchors does not only mean losses on the holders’ books, from an ecological perspective, the failure of their utility will inevitably have a negative impact on the development of ecological projects.

A more intuitive manifestation is that some projects will be forced to suffer huge impacts, especially lending protocols. Due to the fact that the detachment of stablecoins almost always happens in an instant in such events, it is difficult to execute effective liquidation in lending protocols, resulting in huge bad debts. Harmony’s Aave on-chain has yet to recover normal operation, and the largest lending protocol on Fantom, Geist Finance, has also announced permanent closure.

And a more hidden yet more intuitive impact is that the inability to resolve the vulnerabilities is a blow to the confidence of all projects within the ecosystem, which is almost equivalent to a slow death. In the past year, we have seen too many projects migrate away from Harmony, and similar situations may also occur on Fantom.

Can the vulnerabilities be resolved? What are the lessons?

Of course, for Fantom, although it is quite difficult to patch the holes, it is not entirely impossible. Not to mention that the control of the two EOA wallets is still unclear, just from Fantom’s own financial situation (recommended reading: “AC exposes Fantom’s history of wealth creation: how to go from $2 million to $1.5 billion through DeFi?”), AC once revealed that in November 2022, Fantom’s treasury held over 450 million FTM, $100 million stablecoins, $100 million in encrypted assets, and $50 million in non-encrypted assets.

From an absolute number perspective, Fantom’s treasury funds are sufficient to cover this vulnerability, but whether the situation will reach the point where Fantom needs to use the treasury, and what attitude the community will take on this matter, is currently unknown.

Considering the Fantom incident and even the earlier Harmony incident, we can see that “cross-chain dragging down public chains” is no longer an isolated case, but a certain level of systemic risk has emerged. From the perspective of public chains, in order to avoid such events from happening again, it is only possible to minimize the systemic impact of cross-chain bridges on the overall operation of the ecosystem as much as possible.

There may be several potential solutions at different levels: First, the public chain incubates native stablecoins on its own, which will minimize external risk transmission, but the difficulty is also the greatest; second, cooperate with stablecoin issuers such as Circle and Tether to issue native USDC and USDT on their own chains, which is currently the most popular approach, but it also tests the comprehensive development status and business cooperation strength of the public chain; third, perhaps it is also possible to minimize dependence on a single cross-chain bridge and balance the quantity of stablecoins issued by various bridging contracts through incentive and other regulatory measures.

In summary, cross-chain bridges, as one of the biggest sources of risk in the on-chain ecosystem (perhaps without a doubt), should maintain sufficient security vigilance along with the components they are combined with. We hope that Fantom can successfully overcome this obstacle and also hope that similar incidents do not occur again.