Affected by the Multichain incident, Fantom is also in a dangerous situation.
As Fantom uses Multichain as the main cross-chain bridge in its ecosystem, the impact of the Multichain fund vulnerability (where $126 million USD flowed out on July 7th, with about $118 million USD assets transferred from the Multichain Fantom bridge contract) directly affects Fantom.
The most obvious manifestation is that the stablecoins issued by Multichain bridge contracts on top of Fantom have a significant deviation from their peg. According to SpookySwap, at the time of writing, USDC-MULTI, fUSDT-MULTI, DAI-MULTI (Multichain bridge version stablecoins) are all priced around $0.27.
Although Fantom has frozen $62 million USD worth of funds such as USDC and USDT by contacting stablecoin issuers like Circle and Tether, it is difficult to recover the $56 million USD shortfall in the short term because nearly half of the funds in the $118 million USD hole are pure on-chain assets such as WETH and WBTC that cannot be frozen through similar means.
In addition, considering that Multichain disclosed in a recent official tweet that the sister of co-founder Zhaojun is also missing, there may be uncertainties regarding the funds of about $151 million USD transferred to two EOA wallets (0x1eed63efba5f81d95bfe37d82c8e736b974f477b; 0x48bead89e696ee93b04913cb0006f35adb844537) on July 9th for asset preservation purposes. Even if she does not lose control of the funds, it is also difficult to handle the funds in the short term, so temporarily, this portion of the funds can be considered as a shortfall.
In short, the current situation is that the Fantom ecosystem bears a deterministic shortfall of $56 million and a potential shortfall of $151 million.
Lessons from Harmony
We can find some shadows of the current situation of Fantom from Harmony a year ago.
In June 2022, Harmony's official cross-chain bridge, Horizon, was hacked, resulting in a loss of approximately $100 million. Although Harmony tried various ways to recover the funds afterward, it was ultimately unsuccessful.
Due to the fact that the stablecoins on the Harmony chain are mainly issued through the Horizon bridge contract, significant anchoring problems also occurred. This is similar to the current situation of Fantom. Perhaps it is slightly fortunate that Fantom is only indirectly responsible outside of the Multichain system, compared to Harmony, which had to bear the compensation responsibility for its own mistakes.
However, it is worth questioning the fact that Fantom chose Multichain as the primary third-party service for cross-chain bridges, which put the security of the ecosystem in a precarious situation (Zhaojun's personal server).
The anchoring of stablecoins not only means losses for the holders but also inevitably has a detrimental impact on the development of the ecosystem from an ecological perspective.
A more tangible impact is that some projects will be forced to suffer significant shocks, especially lending protocols. Due to the almost instantaneous occurrence of stablecoin anchoring in such events, it is difficult to perform effective liquidation in lending protocols, resulting in massive bad debts. Aave on the Harmony chain has not yet fully recovered its normal operation, while Geist Finance, the largest lending protocol on Fantom, has announced permanent closure.
The more subtle but more obvious impact is the inability to solve the vulnerabilities, which is a blow to the confidence of all projects within the ecosystem and is almost synonymous with slow death. In the past year, we have seen too many projects migrate away from Harmony, and similar situations may also occur on Fantom.
Can the vulnerabilities be resolved? What are the lessons?
Of course, for Fantom, filling the gap is quite difficult, but not impossible. Not to mention that the control of the two EOA wallets is still unknown, but based on Fantom's own financial situation (refer to "AC's Account of Fantom's Financial History: From $2 Million to $1.5 Billion"), AC has stated that in November 2022, Fantom's treasury held over 450 million FTM, $100 million stablecoins, $100 million in cryptocurrency assets, and $50 million in non-cryptocurrency assets.
Looking at the absolute numbers alone, Fantom's treasury reserves are sufficient to cover this vulnerability. However, it is still unknown whether the situation will come to the point where Fantom needs to tap into its treasury, and what the community's attitude towards this will be.
Considering the recent Fantom incident as well as earlier Harmony incidents, we can see that "interchain dragging down a public chain" is no longer an isolated case, but a certain generalized risk. From the perspective of public chains, in order to avoid such events from happening again, the only way is to minimize the systemic impact of interchain bridges on the overall operation of the ecosystem.
Here are some potential solutions at different levels: First, the public chain can incubate its own native stablecoins, which would minimize external risk transmission but is also the most difficult option. Second, collaborate with stablecoin issuers like Circle and Tether to issue native USDC and USDT on the chain, which is currently the most popular approach but requires comprehensive development conditions and business cooperation strength. Third, perhaps reduce reliance on a single interchain bridge and balance the amounts of stablecoins issued by various bridge contracts through incentives and other regulatory measures.
In summary, interchain bridges, as the biggest source of risk in the on-chain ecosystem (arguably not the only one), should be approached with sufficient caution in combination with various component layers. We hope that Fantom will be able to smoothly overcome this predicament and that similar incidents will not occur again.
