Table of Contents
Blockchain security and analytics firm Chainalysis has suggested that the multimillion-dollar exploit of the Multichain Protocol could be indicative of a rug pull.
Multimillion Dollar Exploit Was Inside Job?
The cross-chain bridge protocol Multichain has fallen victim to a multimillion-dollar exploit that Chainalysis believes is an inside job. The incident, which took place on July 6, 2023, involved unauthorized withdrawals of an unusually large scale and resulted in a staggering loss of around $130 million.
The aftermath of this exploit has left the blockchain community stunned, as Multichain was once regarded as a promising cross-chain bridge protocol. However, with the suspicion of an inside job, questions arise regarding the integrity and security practices within the organization.
Hacker Seized MPC Keys
Chainalysis expressed its suspicions in its July 10th blog post calling the situation “a hack or rug pull by insiders.” This aligns with the prior claims made by blockchain security firm SlowMist, which also raised the possibility of internal involvement.
The latter tweeted,
“It appears that activity has stopped. However, with multiple bridges all being drained, this looks more like a hack or rug pull and less like a migration. Please do not use and revoke all permission related to Multichain.”
Explaining the technical aspects of Multichain's smart contracts, Chainalysis highlighted their use of a multiparty computation (MPC) system, much like a multisignature wallet. The firm suggested that the attacker might have gained control of Multichain's MPC keys to orchestrate this exploit. While acknowledging the chance of external hackers obtaining the keys, experts and analysts are leaning toward an inside job or rug pull due to recent questionable incidents surrounding the protocol.
Shady Incidents At Multichain
One prominent example of these incidents happened toward the end of May, when the protocol’s CEO, “Zhaojun” went missing. There was immediate speculation that Chinese authorities had arrested him.
Additionally, the platform suffered from delayed transactions and various technical problems, leading Binance to withdraw its support for several bridged tokens on July 7.
As the investigation unfolds, blockchain analysts have uncovered further dubious token movements associated with Multichain. These abnormal outflows included draining token addresses across multiple chains through the Multichain executor address.
Furthermore, on July 8, stablecoin issuers Circle and Tether took swift action by freezing over $65 million in assets linked to the Multichain exploit. Also, the fact that the exploiter did not bother swapping out the centrally controlled assets like USDC, which can be easily frozen by the issuing company, just adds to the dubious nature of the entire situation.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.