Hacking one multisig wallet can lead to the loss of $121 million from 12 L2 Ethereum networks at once

One wallet has upgrade permissions for 12 L2 Ethereum networks, but Conduit founder Andrew Huang says it can't transact without three other signatures, which would require three physical attacks.
A multisig (multi-signature) wallet is a special wallet that requires signatures from multiple owners before it can be used.
One multisig crypto wallet has access to 12 different L2 blockchain networks. This means that if this wallet were to be compromised, all 12 networks could be at risk of losing their funds, resulting in a potential loss of $121 million.

The networks include Zora, Aevo, Hypr, Orderly, Ancient8, Lyra, Mode, Pgn, Parallel and Metal, all built using Conduit software. L2Beat analyst Luca Donno reported this on May 19, according to data provided on his X account.

However, the wallet cannot complete transactions without three of the team's five signatures, Conduit founder Andrew Huang said. The private keys for these signatures are stored in hardware wallets, meaning that compromise is only possible if “3 out of 5 individuals are physically compromised,” he explained.

Source: X-account Luca Donno

Huang said the system will be upgraded in the coming weeks to move to a five-out-of-seven multi-signature scheme instead of the current three-out-of-five. This will increase the level of security as more signatures will be required to complete transactions.

Data shows that multiple Conduit-based networks use the same wallet to perform tasks such as updating a network bridge. L2Beat's data states that the Aevo account has "unlimited upgrade capabilities" and the potential to "get access to all funds." Aevo's Total Value Locked (TVL) is over $72 million.

Aevo channel multi-signature permissions. Source: L2Beat

The Conduit Lyra network has a total value locked (TVL) of over $20 million. According to L2Beat, the same ConduitMultisig wallet has the potential to gain access to all of these funds.

Lyra Permissions. Source: L2Beat

Identical statements can be found on the pages of other Conduit networks, including Zora, Hypr, Orderly, Ancient8, Mode, Pgn, Parallel and Metal. The total value locked (TVL) of all these blockchains is approximately $121 million, and they are all tied to one multisig wallet.

L2 networks have significantly reduced gas fees for Ethereum users, but some critics consider them too centralized and not convenient enough for mass adoption of the cryptocurrency.

L2 network developers claim that these blockchains will become more decentralized as the decentralization plan proposed by Ethereum founder Vitalik Buterin in November 2022 is implemented.