Fantom (FTM) Layer 2s, Privacy, and Bridges

By Michael @ CryptoEQ | CryptoEQ | 8 Mar 2023

You are reading an excerpt from our free but shortened abridged report! While still packed with incredible research and data, for just $20/month you can upgrade to our FULL library of 50+ reports (including this one) and complete industry-leading analysis on the top crypto assets. 


Becoming a Premium member means enjoying all the perks of a Basic membership PLUS:

  • Full-length CORE Reports: More technical, in-depth research, actionable insights, and potential market alpha for serious crypto users
  • Early access to future CORE ratings: Being early is sometimes just as important as being right!
  • Premium Member CORE+ Reports: Coverage on the top issues pertaining to crypto users like bridge security, layer two solutions, DeFi plays, and more 
  • CORE report Audio playback: Don’t want to read? No problem! Listen on the go.

Layer-2 Technology

Fantom is competing with Ethereum Layer-2 solutions insofar as the value proposition revolves around increased transactional throughput and low transaction fees. The below chart shows Polygon averaging a significantly higher (5x) average TPS for Polygon out in the wild. The quickly evolving world of Layer-2 scaling solutions for Ethereum might feature a slower time-to-finality than Fantom, though this doesn’t appear an insurmountable barrier to adoption for prevalent L2 technologies on Ethereum. This means Fantom is moving into a very competitive ecosystem. 


Fantom plans to facilitate private transactions via Layer-2 solutions rather than focusing on building private transactions into the core protocol directly. Fantom announced an integration with Suterusu, a privacy-oriented Layer-2 payments solution with ~20,000 active users. Since Suterusu was already built on Ethereum, Fantom was able to easily plug in due to EVM compatibility by design. Suterusu uses zk-SNARK proofs to offer privacy guarantees similar to ZCash.


Fantom works by employing its own unique Lachesis consensus protocol, a type of Directed Acyclic Graph (DAG) featuring an asynchronous BFT consensus protocol (aBFT). It's also fully compatible with the Ethereum Virtual Machine (EVM), allowing for developers to easily port their decentralized applications (dApps) from the Ethereum mainnet to the Fantom mainnet. Naturally, such bridges require sufficient liquidity of the utilized tokens to work reliably. As always, a risk of protocol changes on either the sender or destination chain might interfere with token transfers or affect tokens locked in the bridge. Similar to any bridge that involves staking and slashing, the expected rewards for validators should be greater in scenarios where they materially contribute to consensus than in scenarios where they attack or try to exploit the network (i.e., expected value of honest block generation should exceed the expected value of fraud).

Due to EVM compatibility, the Fantom AnySwap bridge is highly popular amongst crypto users. This bridge acts as a cross-chain portal between most well-adopted blockchain networks, using Fantom’s infrastructure as a crossover point. This includes:

  • Fantom
  • Ethereum
  • Binance
  • Avalanche
  • Polygon




Multichain has two mechanisms to bridge assets: cross-chain bridges and routers. Cross-chain bridges first lock tokens in a secure multi-party computation (SMPC) address, then a smart contract mints the equivalent amount of wrapped assets on the destination chain into the user's wallet (lock-and-mint method, discussed below). Withdrawing assets is the exact opposite: burn the wrapped assets, and then the SMPC address releases the native tokens back to the user on the original chain. Importantly, no humans are involved in this process.

Lock-and-Mint (LaM)

LaM bridges use off-chain validators/verifiers and a lock-mint-burn solution to overcome the communication barriers between separate L1 blockchains. The validators are responsible for the assets and functionality of the system. They're third-party actors introducing new trust assumptions unique to the validator set. Practically speaking, lock-and-mint is similar to an automated bank; they manage transactions in a more centralized, trust-based manner. 

You lock your assets on the source chain and then mint new synthetic/wrapped “equivalent” tokens on the new chain. All networks have a native token, and any other network can issue its own version of that token by “bridging” the asset. This system's security depends on the bridge and network of validators that validate transfers. This bridge type is currently the most common, despite being the most vulnerable. For instance, wBTC (wrapped Bitcoin available on Ethereum) is one of the largest bridges by TVL and utilizes the centralized company BitGo as the sole validator set. BitGo is responsible for all users' TVL.

Infographic showing locking, minting, and burning. Source: Medium\dragonfly-research. Infographic showing locking, minting, and burning. Source: Medium\dragonfly-research.


Multi-party computation (MPC) is a solution for securing data among several participants in a private manner. It allows many parties, each with their own private data, to verify the final computation without revealing their own secret portion of the data. Each participant in an MPC possesses a piece of confidential information. Typically, one entity owns one part of a cryptographic key that can move funds or change code.

Even if a bridging protocol has a limited quantity of relayer nodes, the relayers can be chosen at random from the pool of candidates to create the multi-party computing (MPC) group. To authorize a cross-chain transaction, the protocol can require a minimum number of relayers to come together and sign the message before any action can be taken. The greater the threshold of an MPC group, the less likely it is that relayer groups will collude.

Multichain utilizes this key architecture to secure its LaM bridge. The decentralized SMPC node network runs the distributed signature algorithm, albeit just 21 of them. This process means Multichain is a de facto multi-party custody system with federated validators. Each of these 21 nodes independently verifies the source chain’s status and reaches a consensus together using the threshold-distributed signature algorithm on the verification results. No complete private key is shared at any point in the bridging process because nodes don't share their private keys with each other. All nodes can not reach a consensus unless each node singularly agrees. As a result, Multichain’s SMPC network guarantees correct results and can provide fast finality.

Unsurprisingly, the largest number of Multichain active user addresses are on BNB Chain, Polygon, and Ethereum. One element that is somewhat surprising is that the majority of Multichain funds are on Fantom (40%+). 

multichain active addresses by chain feb 2023 Source


Multichain’s router works a bit differently, enabling any asset to be transferred, whether it is a native token or a token created using Multichain’s bridge infrastructure. The router is more akin to a liquidity pool; hence liquidity drives a user’s ability to bridge (as well as the overall UX) in the Multichain pools. 

To bridge tokens from chain A to chain B using the router:

  1. You deposit 10 ETH (as an example) to a Multichain pool on chain A
  2. 10 "multi-ETH” (a wrapped version of ETH) are then minted on chain A
  3. The SMPC node network then mints 10 multi-ETH on chain B while at the same time burning 10 multi-ETH tokens on chain A
  4. As long as the number of ETH tokens in the Multichain pool on chain B is greater than the multi-ETH tokens created, then those ETH tokens are sent to your wallet on chain B and the multi-ETH tokens are burned 

To the extent there aren’t enough multi-ETH tokens in the pool on chain B, you’ll be left with residual multi-ETH that can be later redeemed for ETH when they become available.

As mentioned, you must pay close attention to liquidity in Multichain pools. Otherwise, your experience could suffer. A potential router user must ensure sufficient depth in the Multichain pool to obtain the native asset; otherwise, they’ll have to wait for other users to refill the pool, and they can swap out of the wrapped asset.

But what happens when liquidity doesn’t exist on the other side of the bridge? To solve this, Multichain created a function that mints a token called “multiUSDC.”

Let’s say we’re trying to move $100 USDC from Ethereum to Fantom, and only $50 of liquidity currently exists in the Fantom USDC pool:

  1. Deposit USDC into the bridge on Ethereum
  2. Receive multiUSDC on Fantom
  3. $50 of our multiUSDC would be burned and swapped for real USDC, and the remaining $50 'multiUSDC' would stay in our wallet. The multiUSDC still acts as an I.O.U from the protocol

Security and Trust Assumptions

Issues arise for Multichain if people stop using it or protocols don't provide sufficient liquidity. In these cases, the router would become useless, and the classic lock-and-mint bridge would be the only option.

Another potential failure point relies on the 21 nodes’ trustworthiness in verifying transactions. Multichain economically incentivizes validators' behavior, but they still represent “trusted third parties.” The nodes in Multichain's SMPC control individual externally-owned accounts with public addresses correlating to the ultimate private key. There are 21 nodes in total, operated by various institutions in the crypto industry. These accounts can transfer assets to the destination chain, which only verifies the sender's address and not the message itself.

Screenshot showing different risks associated with the MPC and external validators. Source: L2Beat. Screenshot showing different risks associated with the MPC and external validators. Source: L2Beat.

Consensus requires the majority of nodes to come together to verify the messages.

The security of this protocol, therefore, depends on the reputational security of the SMPC nodes, which presupposes an honest majority of more than half of all nodes. 13 signatures are required for cross-chain data transmission, and 12 nodes must collaborate to censor communications.

Comparison of several bridges and the number needed to censor. Note, Multichain has just 21 entities involved in consensus now, not 24. Source: Jump. Comparison of several bridges and the number needed to censor. Note, Multichain has just 21 entities involved in consensus now, not 24. Source: Jump.

Additional cons include the following notable examples:

  • 81.4% of supply is locked in a contract, and those tokens could come onto the market in the future
  • Future utility for MULTI token is up to a governance vote
  • Without liquidity, it offers no competitive advantage over wrapped asset bridges

Two Previous Hacks

July 2021

In July 2021, the (at the time) experimental Anyswap multichain prototype V3 router was targeted in a successful hack. It is important to note that the Anyswap LaM bridge was not impacted and only the new cross-chain liquidity pools under the V3 Router on BSC were subjected to the hack. At a high level, the hacker was able to break the MPC that Anyswap had in place. The hacker deduced the private key to this MPC account by discovering two transactions with the same R-value signature. In a post-mortem, the Anyswap team was able to reproduce the attack method, further proving their MPC design was sub-optimal.

This hack resulted in a significant loss for Anyswap, with approximately $8 million being stolen off the platform. The Anyswap team took immediate action to secure all exploited funds and remedy the situation but the damage was already done. Additionally, the patch that the Anyswap team released to fix the bug received some criticism from experienced crypto and DeFi professionals.

January 2022

In just ~six short months later, (now) Multichain suffered another hack. In January 2022, multiple hackers exploited flaws in Multichain's smart contracts to steal ~$3 million across six token pairs on the project's router. Due to a flaw in the coding for these tokens' contracts, an attacker was able to steal any users' funds that had previously created approvals for any of the six coins. 

Ironically, the Multichain team uncovered this issue first and issued a public statement asking users who may be susceptible to revoke the approval. However, this notice also alerted the attackers to the issue. Multiple attackers targeted Multichain users who had approved these tokens and stole almost $3 million worth of tokens from the project.

Multichain has undergone numerous public audits and also offers a $2M bounty program with Immunefi. 

How do you rate this article?


Michael @ CryptoEQ
Michael @ CryptoEQ

I am a Co-Founder and Lead Analyst at CryptoEQ. Gain the market insights you need to grow your cryptocurrency portfolio. Our team's supportive and interactive approach helps you refine your crypto investing and trading strategies.


Gain the market insights you need to grow your cryptocurrency portfolio. Our team's supportive and interactive approach helps you refine your crypto investing and trading strategies.

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.