
Starting from the arrest of Multichain's cross-chain bridge: What legal risks should be considered when launching a cross-chain technology startup?
TechFlow Selected TechFlow Selected

Starting from the arrest of Multichain's cross-chain bridge: What legal risks should be considered when launching a cross-chain technology startup?
While pursuing technological innovation and business model exploration, cross-chain entrepreneurs must prioritize legal risk management.
Authors: Liu Honglin, Jin Jianzhi
The Chinese cross-chain bridge project Multichain has been involved in criminal activities, leading to its CEO and other personnel being taken into custody by Chinese police, causing the project's token to plummet overnight. Is it truly impossible to start a business involving cross-chain technology—designed to enable value interoperability between different blockchains—in China?
Founder Arrested, Project Forced to Cease Operations
On May 21, 2023, Zhao Jun, CEO of the well-known cross-chain project Multichain, was taken from his home by domestic law enforcement authorities and subsequently lost contact with the global Multichain team. The team contacted MPC node operators and learned that their access keys to the MPC node servers had been revoked.
Later, the investigation team contacted Zhao Jun’s family and confirmed that all of Zhao Jun’s computers, mobile phones, hardware wallets, and recovery phrases had been confiscated. Since the project’s inception, Zhao Jun had controlled all operational funds and investor capital.
On June 4, Zhao Jun’s family successfully logged into the home computer on the cloud server platform, allowing only Multichain engineers physical access to the device to resolve technical issues with Router2 and Router5.
On July 9, Zhao Jun’s sister transferred the remaining user assets from the router pool and notified both the team and multiple partner projects. These funds were moved to an EOA address controlled by Zhao Jun’s sister.
On July 13, based on information provided by Zhao Jun’s family, the police took Zhao Jun’s sister into custody.
According to SlowMist monitoring data, since July 7, a total of $265 million has flowed out from Multichain across Ethereum, BNB Chain, Polygon, Avalanche, Arbitrum, Optimism, Fantom, Cronos, and Moonbeam. Of this amount, $65.82 million has been frozen by Circle and Tether, and 1,296,990.99 ICE (approximately $1.62 million) has been burned by the token issuer.
Public records indicate that Multichain was founded in July 2020 and raised $60 million in funding in December 2021. Investors included Binance Labs, Sequoia Capital, IDG Capital, Three Arrows Capital, DeFiance Capital, TRON Foundation, Hashkey Capital, Circle, Hypersphere Ventures, Primitive Ventures, and Magic Ventures.
What Is Blockchain Cross-Chain Technology?
The rapid development of public blockchains is closely tied to the growing adoption and innovation of blockchain technology. According to available estimates, there may now be hundreds of public blockchains in existence, each with distinct communication protocols, consensus mechanisms, and governance models. Notable examples include Bitcoin, Ethereum, Solana, and Binance Smart Chain (BSC), alongside many others built on diverse technical architectures. Each public chain possesses unique features, strengths, and application scenarios. As such, interoperability between different blockchains—enabling users to transfer assets and information across chains—has become an inevitable necessity, giving rise to cross-chain technology.
Cross-chain technology is a critical innovation in the blockchain industry, aiming to solve challenges related to data exchange, asset transfers, and value interoperability between disparate blockchains. Its underlying technical framework is complex. For non-technical audiences, cross-chain functionality can be simplified: when a user wants to move assets from Chain A to Chain B, they first deposit the assets into a designated address on Chain A managed by the cross-chain protocol. Once the bridge detects this transaction, it mints an equivalent amount of wrapped tokens on Chain B or uses liquidity pools on the target chain to convert the assets into native equivalents, which are then sent to the user’s Chain B wallet.
The most pressing concern surrounding cross-chain technology is security. For entrepreneurs in this space, ensuring not only project safety but also personal safety is paramount.
Legal Risks When Projects Are Hacked
Security incidents in the cross-chain sector are not uncommon. On July 3, 2021, Chainswap’s smart contract was exploited, resulting in stolen tokens from user wallets interacting with the platform, with total losses around $800,000. On July 12, 2021, Anyswap’s newly launched V3 cross-chain liquidity pool was hacked, losing over $7.87 million. In August 2021, Poly Network announced a major breach where hackers transferred approximately $610 million worth of user assets across BSC, Ethereum, and Polygon, marking the largest DeFi security incident to date.
Because blockchain technology is inherently decentralized, assigning liability when smart contract flaws or vulnerabilities lead to losses can be extremely difficult. When user assets are lost, determining whether the project team bears legal responsibility becomes a complex issue.
To mitigate such risks, project teams should take two key steps:
1. Smart Contract Security Audits: Ensure smart contracts undergo rigorous security audits to prevent vulnerabilities and attacks. Most cross-chain technologies directly handle financial transactions and user funds, so security must be prioritized from the outset—no level of caution is excessive. Ideally, protocols should be audited by at least two independent security firms to minimize risk. Avoid introducing unnecessary admin roles and strictly limit permissions for deployers and administrators to prevent a single compromised account from endangering all protocol funds.
2. Draft Clear Agreements: Establish clear contractual terms between the project, partners, investors, and users. Define responsibilities, obligations, and compensation mechanisms in the event of security breaches or asset loss.
Legal Risks of Token Issuance
Most cross-chain projects issue their own native tokens. Entrepreneurs must understand that legal frameworks around blockchain and cryptocurrency vary significantly across jurisdictions. For example, the U.S. Securities and Exchange Commission (SEC) may classify certain tokens as securities, while the EU may adopt entirely different regulatory categories. Therefore, designing and deploying cross-chain solutions requires careful consideration of diverse legal and regulatory requirements.
Token issuance is especially sensitive in China. On September 4, 2017, the People's Bank of China and six other ministries issued a notice titled "On Preventing the Risks of Token Issuance Financing," clearly stating that token offerings constitute unauthorized public fundraising and may involve illegal activities such as unlicensed securities sales, illegal fundraising, financial fraud, and pyramid schemes. The notice demanded an immediate halt to all token financing activities, with existing projects required to initiate refund procedures.
Issuing tokens targeting users in mainland China falls squarely within a high-risk regulatory red zone.
KYC, KYT, and AML
As referenced earlier, Multichain’s arrest stemmed from allegations of money laundering for criminal organizations on a massive scale. Due to inherent characteristics like anonymity and traceability challenges, cross-chain technology can easily be exploited as a tool for illicit financial flows.
Specifically, because cross-chain operations involve asset transfers across multiple blockchain networks—including those with strong privacy features like zero-knowledge proofs or privacy coins—money launderers can more easily conceal the origins and destinations of their funds. Additionally, tracking and monitoring transactions across multiple chains becomes significantly more complex. Some cross-chain protocol designs further obscure transaction trails, creating additional opportunities for money laundering.
According to statistics from OKLink Research Institute, money laundering, fraud, pyramid schemes, and gambling were the four most common types of cryptocurrency-related crimes in 2022, with 54.72% linked to money laundering and 21.13% to fraud.
One major reason governments remain skeptical of cryptocurrencies is their misuse by criminals. Once criminal activity is detected by regulators, any cross-chain project facilitating such transactions cannot escape liability. Moreover, these projects cannot claim technological neutrality as a defense. In August 2022, the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the mixer Tornado Cash, citing that since its launch in 2019, it had been used to launder over $7 billion in crypto assets, including more than $455 million stolen by North Korea’s Lazarus Group from two blockchain applications.
Implementing robust KYC and AML measures can effectively reduce these risks.
KYC (Know Your Customer): Establishing effective KYC processes is the first step toward compliance. This includes collecting and verifying user identity information such as name, address, government-issued IDs, and other relevant documents. KYC procedures must comply with local laws and regulations and be regularly updated and reviewed. Importantly, when handling personal data, strict adherence to privacy laws is required, with clear disclosure to users about how their data will be collected and used. While KYC is more applicable in traditional finance, KYT is better suited for the blockchain ecosystem.
KYT (Know Your Transaction): KYT refers to the process financial institutions use to monitor transactions for signs of fraud or suspicious activity. It helps identify the source and destination of each transaction, assess risk levels, take preventive actions, and report anomalies to regulators. Unlike KYC, which focuses on static customer identities, KYT emphasizes dynamic transaction behaviors. In traditional finance, KYT may currently be considered supplementary, but in the world of digital assets, KYT is increasingly becoming essential for risk management.
The reason lies in the fundamental differences between blockchain and traditional banking. There is no formal account opening process requiring extensive documentation; users can freely create countless anonymous addresses without relying on intermediaries. In such an environment, identifying the real-world identity behind a random wallet address is nearly impossible, making anti-money laundering efforts extremely challenging. KYT enables blockchain participants to detect risky addresses and transactions, identify blacklisted addresses associated with illicit activity, and trace them back to their origins and endpoints. By analyzing suspicious transaction patterns, darknet market addresses, connected accounts, and exchange KYC records, KYT links on-chain pseudonyms to real-world entities, bridging the gap between anonymous digital transactions and identifiable offline identities.
AML (Anti-Money Laundering): Implement robust transaction monitoring systems to detect and report suspicious or abnormal activities. Leverage advanced tools and analytics to track customer transaction patterns, fund flows, and risk indicators, enabling timely investigations and regulatory reporting.
Effective KYC, KYT, and AML practices reduce exposure to money laundering, terrorist financing, and other financial crimes, build trust and credibility, and create a safer, more reliable environment for both the project and its users.
Conclusion
As more countries and regions incorporate virtual asset anti-money laundering regulations into their legal frameworks, institutions involved in token issuance and transfer must inevitably supplement KYC with KYT to meet regulatory compliance requirements.
While pursuing technological innovation and business model exploration, cross-chain entrepreneurs must prioritize legal risk management. Only by safeguarding themselves personally can they ensure the long-term sustainability of their projects and the security of user assets.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News










