- Multichain has recorded another round of outflows amounting to over $100 million in unclear circumstances
- Blockchain analysts like Chainalysis think the recent happenings at the cross-chain bridge have the characteristics of a rug pull or a hack
- The Multichain team is yet to explain whether the platform has been hacked, only admitting that there’s an abnormal movement of funds
Cross-chain bridge Multichain has recorded another round of outflows amounting to over $100 million in unclear circumstances, less than a week after $126 million was siphoned from the platform in similarly mysterious ways. Blockchain analysts like Chainalysis think that the recent happenings at the cross-chain bridge have the characteristics of a rug pull or a hack. The Multichain team is yet to admit or deny being hacked, saying only that there has been an abnormal movement of funds.
Multichain or Malicious Actor?
According to reports, the latest movement of funds was conducted by an individual with access to the platform’s administrator keys or Executor address, although it’s unclear whether the entity is a Multichain team member or a malicious actor.
Another $103M has been transferred from #MultiChain to the 0x1eed63efba5f81d95bfe37d82c8e736b974f477b address.
Total transfer from Fantom, Arbitrum, Optimism, Cronos, Polygon, Avalanche, BNB chain, Moonbeam, Ethereum:
$USDC: $23,999,250 $fUSDT: $29,657,932 $WBTC: $2,139,053… https://t.co/K7XL55uOMS
— Beosin Alert (@BeosinAlert) July 11, 2023
The address has been withdrawing tokens from multiple blockchains and depositing them to an external wallet. Tokens drained using this method include Ethereum-based Dai, BSC-based USDC and BSC-based BTC.
A similar incident the day before involved the protocol’s version of USDT (anyUSDT), and on-chain sleuth Spreek observed that the current happenings are outside Multichain’s normal operations. Spreek thinks that the attacker may have introduced abnormally high fees, enabling them to steal the funds.
It is unclear whether this is authorized behavior. Previously the same method was used yesterday by a different MPC address on the anyUSDT token on mainnet. The tokens were then immediately sold to ETH, suggesting that that similar address was the actions of a malicious actor.
— Spreek (@spreekaway) July 10, 2023
It May Be an Inside Job
Chainalysis says the exploit may be an inside job, adding that the sudden disappearance of the project’s CEO two months ago further points to the involvement of the team in the recent happenings at Multichain.
With the Multichain team yet to provide an explanation of what’s really happening at the platform, a rug pull seems like a possible conclusion.