Multichain’s ‘mysterious withdrawals’ have whiffs of a ‘rug pull’ — Chainalysis
Chainalysis told Cointelegraph that it was “describing it as a possible rug pull” based on an analysis of Multichain’s spurious transactions and internal problems.
The multimillion-dollar exploit of cross-chain bridge protocol Multichain could have been an internal rug pull, according to blockchain security and analytics firm Chainalysis.
“On July 6, 2023, cross-chain bridge protocol Multichain experienced unusually large, unauthorized withdrawals in what appears to be a hack or rug pull by insiders,” the firm wrote in a July 10 blog post.
The exploit has so far resulted in the loss of more than $125 million.
On July 6, @MultichainOrg experienced unusually large, unauthorized withdrawals, resulting in losses of more than $125M. It’s one of the biggest #crypto hacks on record.
Read on to learn what we know so far: https://t.co/ib2K6sIrID
— Chainalysis (@chainalysis) July 10, 2023
However, Chainalysis believes the exploit may have resulted from compromised administrator keys, which some suggest means it could have been an “inside job.”
In a statement to Cointelegraph, a spokesperson for Chainalysis confirmed the firm is “describing it as a possible rug pull.”
Multichain’s smart contracts use a multiparty computation (MPC) system, which is similar to a multisignature wallet, the firm explained.
“It is possible that the attacker gained control of Multichain’s MPC keys in order to pull off this exploit,” Chainalysis said, adding:
“While it’s possible those keys were taken by an external hacker, many security experts and other analysts think this exploit could be an inside job or rug pull, due in part to recent issues suffered by Multichain.”
Chainalysis said the most obvious example of these internal issues was the disappearance of Multichain’s CEO, known as “Zhaojun,” in late May. The platform also suffered delayed transactions and other technical problems resulting in Binance ending support for several of its bridged tokens on July 7.
Cointelegraph reached out to Multichain about the claims but did not receive a response by publication.
Meanwhile, blockchain sleuths have reported more spurious Multichain token movements in the past few hours. The abnormal outflows included the Multichain executor address draining token addresses across several chains.
The Multichain Executor address has been draining anyToken addresses across many chains today and moving them all to a new EOA
— Spreek (@spreekaway) July 10, 2023
On July 8, stablecoin issuers Circle and Tether froze over $65 million in assets tied to the Multichain exploit.
Chainalysis commented that it was interesting that the exploiter “did not swap out of centrally controlled assets like USDC, which can be frozen by the issuing company.”