Multichain’s ‘mysterious withdrawals’ have whiffs of a ‘rug pull’ — Chainalysis
The multi-million dollar exploit of cross-chain bridge protocol Multichain could have been an internal rug pull, according to blockchain security and analytics firm Chainalysis.
“On July 6, 2023, cross-chain bridge protocol Multichain experienced unusually large, unauthorized withdrawals in what appears to be a hack or rug pull by insiders,” the firm wrote in a July 10 blog post.
The exploit has so far resulted in the loss of more than $125 million.
On July 6, @MultichainOrg experienced unusually large, unauthorized withdrawals, resulting in losses of more than $125M. It’s one of the biggest #crypto hacks on record.
Read on to learn what we know so far: https://t.co/ib2K6sIrID pic.twitter.com/BBY3iU75oB
— Chainalysis (@chainalysis) July 10, 2023
However, Chainalysis believes the exploit may have been the result of administrator keys being compromised, which some suggest means it couldy have been an “inside job.”
In a statement to Cointelegraph, a spokesperson for Chainalysis confirmed the firm is “describing it as a possible rug pull.”
Multichain’s smart contracts use a multi-party computation (MPC) system, which is similar to a multi-signature wallet, the firm explained.
“It is possible that the attacker gained control of Multichain’s MPC keys in order to pull off this exploit,” Chainalysis said before adding:
“While it’s possible those keys were taken by an external hacker, many security experts and other analysts think this exploit could be an inside job or rug pull, due in part to recent issues suffered by Multichain.”
Chainalysis said the most obvious example of these internal issues was the disappearance of Multichain’s CEO, known as “Zhaojun,” in late May. The platform also suffered delayed transactions and other technical problems resulting in Binance ending support for several of its bridged tokens on July 7.
Cointelegraph reached out to Multichain for a response to the claims but had not heard back at the time of publication.
Related: Connext founder proposes ‘Sovereign Bridged Token’ standard after Multichain incident
Meanwhile, blockchain sleuths have reported more spurious Multichain token movements over the past few hours. The abnormal outflows were the Multichain Executor address draining anyToken addresses across several chains, they reported.
The Multichain Executor address has been draining anyToken addresses across many chains today and moving them all to a new EOA pic.twitter.com/gqDaXMBl96
— Spreek (@spreekaway) July 10, 2023
On July 8, stablecoin issuers Circle and Tether froze more than $65 million in assets tied to the Multichain exploit.
Chainalysis commented that it was interesting that the exploiter “did not swap out of centrally controlled assets like USDC, which can be frozen by the issuing company.”
Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story
