According to blockchain security and analytics company Chainalysis, the multimillion-dollar Multichain cross-chain bridge protocol vulnerability may have been an internal rug pull.
“On July 6, 2023, cross-chain bridge protocol Multichain experienced unusually large, unauthorized withdrawals in what appears to be a hack or rug pull by insiders,” the company stated in a blog post on July 10.
More than $125 million has already been lost due to the exploit.
But according to Chainalysis, the exploit might have been caused by hacked administrator keys, which some people say suggests it might have been an “inside job.”
The company itself described the ongoing situation as “a possible rug pull.”
According to the company, Multichain’s smart contracts utilize a multiparty computation (MPC) mechanism comparable to a multisignature wallet.
In total, more than $125 million in Bitcoin was taken out of Multichain, with the Fantom bridge accounting for approximately $120 million of that sum. Wrapped Ether (wETH), wrapped Bitcoin (wBTC), and USDC are among the assets removed from the protocol. The attacker also took $6.8 million from the Moonriver bridge, which included cash in USDC and Tether, and $666,000 from the Dogecoin bridge, causing a loss of 85% of all deposits.
“It is possible that the attacker gained control of Multichain’s MPC keys to pull off this exploit,” the report said, adding that “while it’s possible that those keys were taken by an outside hacker, many security experts and other analysts believe this exploit may have been carried out internally or as a ruse, in part because of recent Multichain problems.”
Chainalysis cited the disappearance of Multichain’s CEO, known as “Zhaojun,” in late May as the most overt manifestation of these internal problems. As a result of the platform’s delayed transactions and other technical issues, Binance stopped supporting a number of its bridging tokens on July 7.
According to blockchain sleuths, the past few hours have seen more fictitious Multichain token trades. One of the irregular inflows involved the Multichain Executor Address, which drained token addresses across many chains.
Assets linked to the Multichain attack totaling more than $65 million were frozen by stablecoin issuers Circle and Tether on July 8.
It was noteworthy, according to Chainalysis, that the exploiter “did not swap out of centrally controlled assets like USDC, which can be frozen by the issuing company.”
The Multichain team stated they were starting an inquiry after the significant withdrawals and advised users to cease transactions. The team tweeted that the protocol would discontinue service permanently the next day, on July 7. Regrettably, con artists also used Twitter to disseminate a phishing link and pose as the Fantom Foundation in an effort to dupe impacted users into believing they had received an “emergency FTM distribution.”
Cross-chain bridge exploits can be challenging to predict, but there may be a number of ways to reduce the risk and stop similar exploits from happening. One method is to conduct thorough code audits, which help developers standardize projects and investors assess protocol viability.
Although the Multichain hack appears to have been caused by compromised keys rather than by flawed code, reliable audit reports frequently specify which portions of protocols are under the control of external addresses and thus susceptible to private key theft, which may aid users in determining the level of risk. Any protocol’s users can also do their own research before making a transaction.