The Correct Way to Manage MPC Wallets: Issues and Solutions from the Multichain Incident

Recently, the Multichain project experienced anomalies, sparking discussions in the industry about the management method of MPC Wallet. Despite the use of MPC technology, Multichain still faces significant risks, reflecting that the application of decentralized technology needs to be matched with management methods.

Issues Exposed by Multichain Events

The Multichain team claimed that their CEO went missing on May 21, and subsequently discovered that the access keys for the MPC node servers had been revoked. Further investigation revealed that all node servers were actually controlled by the CEO's personal cloud service account, which is no different from using a single-signature Wallet to control all assets.

The core issue exposed by this incident is that the managers of Multichain should not control all MPC shards and have not provided a backup plan for extreme situations.

Key to Effectively Utilizing the Characteristics of MPC Technology

To fully utilize MPC technology, the following points should be noted:

1. Improve transparency and prevent conflicts of interest
2. Strictly adhere to decentralized custody methods to avoid excessive concentration of power.
3. Develop contingency plans for extreme force majeure.

Preventing Conflicts of Interest: Rejecting Black Boxes

In the Multichain incident, projects like Fantom were also implicated. This reflects that Multichain's MPC solution is essentially a "black box," lacking transparency and verifiability.

The solution is to introduce a trustworthy third-party MPC service to replace self-built services. This can eliminate the "black box" and provide verifiable information for stakeholders.

Decentralized Custody: Avoid Single Point Risk

The correct approach should ensure the distribution of servers, access permissions, and geographical locations. Some MPC service providers adopt multi-signature schemes to ensure security through high-intensity encryption and trusted execution environments. At the same time, a multi-level private key derivation design can balance global control and specific permission management.

In addition, adopting solutions such as online remote multi-active distributed storage and offline cold storage backups can minimize asset loss or service interruption caused by single point risks.

formulate a social recovery plan for extreme situations

Considering the irresistible factors of the physical world, it is necessary to design emergency mechanisms such as the "SOS mode". This mode can be activated under specific conditions to achieve emergency asset transfer or disposal.

To prevent abuse, you can set restrictions such as a delay in effectiveness and a lock-up period to ensure asset security.

Conclusion

The Multichain incident has sounded the alarm for the industry, reminding us that while adopting advanced technologies, we must also establish management mechanisms that match them. Only by balancing technology application and management methods can we truly achieve decentralization and maximize the advantages of technologies like MPC.