Skip to main content

This site is for educational purposes only. Nothing here constitutes financial advice.

Back to all case studies
Bridge Exploit
2023-07-14$130M+ stuck

Multichain Collapse

July 2023 — cross-chain protocol freezes after CEO Zhaojun's arrest in China; $130M+ stuck and unrecoverable; ambiguous insider-exit vs theft.

Multichain (formerly Anyswap) was one of the largest cross-chain bridges, supporting ~80 different chains and at peak holding ~$2B in bridged assets. The protocol's operational structure depended heavily on its CEO Zhaojun and a small core team based in China. The team's identities were not publicly disclosed — a notable structural feature that became material after the collapse.

On May 24, 2023, Multichain's CEO Zhaojun was arrested by Chinese police, although the arrest was not publicly disclosed until weeks later. With Zhaojun in custody and key operational keys reportedly controlled exclusively by him, Multichain's operations progressively degraded through June and early July 2023. On July 6, 2023, suspicious transactions moved approximately $130M+ of bridge-locked assets to unknown addresses. The protocol team announced shutdown on July 14, 2023.

The case is one of the clearest examples of key-person risk in crypto protocols. Whether the July 6 movements represented insider theft, defensive movement by remaining team members, or external compromise has never been definitively established — partly because Zhaojun's arrest and the team's anonymity made post-collapse investigation difficult. Users who had bridged assets through Multichain at the time of collapse have been substantially unable to recover them.

Timeline

  1. 2020-07
    Anyswap launched (later rebranded Multichain) as cross-chain bridge protocol.
  2. 2021-2022
    Multichain grows to ~80 supported chains and ~$2B peak TVL.
  3. 2023-05-24
    CEO Zhaojun arrested by Chinese police; arrest not publicly disclosed at the time.
  4. 2023-05 to 2023-06
    Multichain operations begin showing degradation: pause in new asset support, delayed customer support, intermittent transaction processing failures.
  5. 2023-07-06
    Suspicious transactions move ~$130M+ from bridge-locked addresses to previously-unused addresses.
  6. 2023-07-07
    Multichain announces 'forced shutdown' of all bridge operations due to 'force majeure.'
  7. 2023-07-13
    Multichain confirms Zhaojun arrest in official communication; states they cannot continue operations.
  8. 2023-07-14
    Multichain announces formal protocol shutdown; users with outstanding bridged assets are advised to consult legal counsel.
  9. 2023-Q4
    Various chain teams attempt to compile lists of affected users; recovery actions limited by Multichain's offshore structure and key-person inaccessibility.
  10. 2024+
    Limited recovery; the majority of locked assets remain stuck in Multichain bridge contracts.

Mechanism

The key-person operational structure. Multichain's operational architecture concentrated critical functions (key management, smart-contract upgrade authority, treasury control) in the CEO Zhaojun's personal control. The team's anonymity meant no public-facing co-founders could step in if Zhaojun became unavailable. The structure was deliberately opaque — common in 2020-2021 era Chinese crypto teams but increasingly out-of-step with post-2022 institutional crypto norms.

The arrest and operational degradation. When Zhaojun was arrested in late May 2023, Multichain's operations began progressively degrading. Smart-contract operations that required Zhaojun's signatures could not proceed; customer-facing services slowed; new chain integrations halted. The remaining team was either unaware of the arrest (Zhaojun's family did not initially disclose it) or aware but unable to assume his operational role.

The July 6 transactions. On July 6, 2023, approximately $130M of bridge-locked assets moved from Multichain's main bridge contracts to addresses that had not previously interacted with the protocol. The transactions used signatures that the protocol's design required of authorised operators — meaning either Zhaojun's keys were operative (raising questions about who controlled them post-arrest), the keys had been compromised externally, or the keys had been distributed to remaining team members in ways the public was not aware of.

The ambiguity. Several plausible scenarios remain consistent with the public evidence: (1) external compromise of Zhaojun's keys after his arrest; (2) defensive movement by remaining team members to protect funds from Chinese authorities; (3) insider theft by remaining team members during a period of low oversight; (4) Zhaojun's keys having been operationally pre-distributed and the movements being part of a planned exit. The absence of clear public investigation and the team's anonymity make distinguishing these scenarios impossible from public information.

The fund-recovery problem. Even if the lost funds were eventually traced, recovery would require coordinated action across multiple chains and jurisdictions — Multichain's structure as an offshore entity with anonymous principals makes legal recovery extremely difficult. Users affected by the July 6 movements have largely been unable to recover funds through any practical legal mechanism.

Impact

The Multichain collapse substantially damaged confidence in protocols with anonymous teams and key-person operational structures. The case is widely cited as the canonical example of key-person risk and operational-continuity failure. Post-Multichain, institutional crypto users have substantially shifted bridging activity to protocols with disclosed governance, multi-signature operational keys, and transparent operational structures (LayerZero, Wormhole's post-exploit reformed governance, Hyperlane, Across). The case also highlighted the geopolitical risk inherent in protocols whose key personnel are physically located in jurisdictions with active crypto-related enforcement (notably China, which has been progressively expanding enforcement against crypto entities since 2021).

Operational lessons

  1. 1Key-person risk is structural risk. Any protocol where critical operations depend on a single individual's continued availability is fragile to any event removing that individual — arrest, illness, death, voluntary departure. The Multichain case is the clearest published example of this risk realising.
  2. 2Anonymous teams cannot be held accountable in crises. When the Multichain team's anonymous principals could not be contacted by users or regulators after the collapse, no recovery mechanism existed. Anonymous-team protocols are structurally unsuited to handling significant customer funds.
  3. 3Jurisdiction matters. Multichain's Chinese operational base meant that Chinese authorities' enforcement activities could trigger operational failure independent of any technical vulnerability. Protocol-team jurisdiction-mapping should be part of due diligence for users storing significant funds in the protocol.
  4. 4Operational-continuity arrangements are essential. Multi-signature operational keys, written succession plans, and operational-team redundancy are baseline expectations for any protocol handling significant user funds. Multichain's apparent lack of these arrangements turned a CEO arrest into a $130M+ user-asset loss.
  5. 5Some bridge architectures don't fail gracefully. When Multichain's operations broke down, the bridge contracts continued to hold user funds but could not process withdrawals. The architecture had no fallback mechanism for orderly user-fund return during operational failure.

Aftermath

Multichain's bridge contracts remain offline as of mid-2026; the majority of locked assets are stuck. Various Chinese authorities have investigated the case; details have been limited and partly subject to ongoing legal proceedings. Several chain teams (notably Fantom, where Multichain was the dominant bridge) lost substantial bridged assets and have worked to migrate users to alternative bridges. The case has substantially shaped institutional bridge selection criteria; major institutional users now generally exclude any bridge protocol with anonymous teams or single-key operational structures from consideration. The case study is foundational teaching material for due-diligence frameworks on bridge protocols.

Sources & further reading

We prioritise primary sources. Where a topic moves quickly (regulation, security incidents), we re-check sources on the cadence shown by the page's "Next review" date.

Related on Block Clarity Hub

Case Studies — Nomad Bridge Exploit
Case Studies — Wormhole Bridge Exploit
Learn — Bridges and cross-chain risk
Spotted an error? Report it on GitHubour correction policy