In one of the biggest crypto attacks, cross-chain bridge protocol Multichain recently experienced unauthorized withdrawals of millions of dollars' worth of crypto assets from its repositories.
On July 6, 2023, more than $125 million worth of different cryptocurrencies were lost to this attack. Almost $120 million of that figure came from Multichain’s Fantom bridge, with the remainder coming from the Dogecoin, Moonriver, Kava, and Conflux bridges. Assets removed from the cross-chain protocol include wrapped Ether (wETH), wrapped Bitcoin (wBTC), USDC, and USDT.
However, contrary to the popular belief that this was an outside attack, blockchain analytics company Chainalysis believes this multi-million dollar exploit could have been a hack or rug pull orchestrated by insiders, due in part to Multichain’s recent issues.
Multichain’s Recent Exploit Seems Like An Internal Attack
Multichain’s smart contracts are secured by a multi-party computation (MPC) system, which operates similarly to a multi-signature wallet system. As the name suggests, an MPC system shares fragments of a private key between different parties, who can then cooperate to execute transactions.
However, these systems are still vulnerable to hacks if an attacker gains possession of an adequate number of MPC keys. According to Chainalysis, there is a possibility that the hacker gained control of Multichain’s MPC keys to execute this attack.
Chainalysis claims this alleged internal attack could be because of the recent struggles faced by Multichain. One of these issues is the disappearance of the protocol’s CEO Zhaojun in May, leading to the inability to perform necessary maintenance on the platform. As a result, the protocol’s team had to halt cross-chain services for over 10 chains, including DynoChain, Kekchain, and Public Mint.
Prior to this, Multichain had been experiencing delayed transactions across multiple cross-chain bridges. Due to these technical inconveniences, Binance suspended deposits and withdrawals for several Multichain-bridged tokens.
The blockchain analytics firm believes that the Multichain attack is possibly the result of administrator keys being compromised, an action many security firms feel was carried out internally.
Blockchain security firm SlowMist, for instance, said the exploit looks “more like a hack or rug pull” and less like the mere movement of funds. Meanwhile, security audit firm Certik said the attack seems to be “the result of a private key compromise”, and clarified that there are no issues with the protocol’s codebase.
What’s Happened Since The Exploit?
From FUD to outright panic, there has been a range of emotions in the crypto community since the cross-chain exploit. On the 7th of July, the Multichain protocol stopped all its cross-chain transactions indefinitely, while asking users to avoid its bridging service for now. A day later, stablecoin companies Tether and Circle froze more than $65 million in USDT and USDC assets associated with the exploit.
It is worth noting that the attacker didn’t change or swap the centrally-controlled assets, such as USDC and USDT, for other decentralized assets.
That said, there have been reports of more suspicious Multichain asset movements in the past few hours. According to a blockchain sleuth who goes by Meta Sleuth on Twitter, roughly $103 million has been removed from any token addresses across 9 chains through the Multichain Executor address.