- Smart contracts on Multichain are executed using a multiparty computation mechanism.
- Chainalysis speculated that the attacker may have compromised Multichain’s MPC keys.
According to Chainalysis, a blockchain security and analytics company, the exploit of the cross-chain bridge technology Multichain that cost millions of dollars may have been an internal rug pull.
The firm stated:
“On July 6, 2023, cross-chain bridge protocol Multichain experienced unusually large, unauthorized withdrawals in what appears to be a hack or rug pull by insiders.”
Over $125 million has been lost as a direct consequence of the exploit. However, according to Chainalysis, the attack might have been the consequence of stolen administrator keys, suggesting it was an “inside job.”
Internal Issues
Smart contracts on Multichain are executed using a multiparty computation (MPC) mechanism, which the company likened to a multisignature wallet.
Chainalysis speculated that the attacker may have compromised Multichain’s MPC keys in order to launch the vulnerability. According to Chainalysis, the most glaring manifestation of these internal problems was the disappearance of Multichain’s CEO, “Zhaojun,” in late May.
Binance discontinued support for some of its bridging tokens on July 7 because of delayed transactions and other technical issues. Meanwhile, recently, numerous fictitious transactions involving Multichain tokens have been detected by blockchain detectives.
One source of the irregular outflows was the Multichain executor address, which drained token addresses from many chains. On July 8, Circle and Tether, two stablecoin issuers, froze roughly $65 million in funds related to the Multichain attack.
Knowledge graph protocol 0xScope reports that at least $63.2 million USDC was sent to three addresses before being frozen. According to another report by the Fantom Foundation, Etherscan froze over $2.5 million in Tether USDT from two addresses labeled “Multichain Suspicious Addresses.”
Highlighted Crypto News Today:
