MultiChain Abnormal Transfers Have The Markings Of A Rug Pull, Chainalysis Suggests

The "abnormal withdrawals" amounting to approximately $126 million in cryptocurrency from the cross-chain bridge protocol MultiChain could have been an internal rug pull, according to blockchain security and analytics firm Chainalysis.

"On July 6, 2023, cross-chain bridge protocol Multichain experienced unusually large, unauthorized withdrawals in what appears to be a hack or rug pull by insiders," Chainalysis said in a new blog post.

Considered one of the biggest cryptocurrency hacks on record, malicious actors moved around $126 million – consisting of $30.9 million in WBTC, $13.6 million in wETH, and $57 million in USDC – and "$120 million" of it came from Multichain's Fantom bridge, according to Chainalysis.

While the blockchain security firm has not yet released the reason behind the multi-million hack, it toyed with the possibility that "the attacker gained control of Multichain's MPC keys in order to pull off this exploit."

"Multichain's exploit is potentially the result of administrator keys being compromised. While it's possible those keys were taken by an external hacker, many security experts and other analysts think this exploit could be an inside job or rug pull, due in part to recent issues suffered by Multichain," the firm noted.

In May, MultiChain's CEO, known by the name Zhaojun, disappeared as the team revealed they couldn't reach the executive. It restricted them from doing the necessary preventive maintenance on the platform because only the CEO holds the keys to access the servers.

There were rumors that the CEO was arrested in China and the government seized around 41.5 billion of the protocol's smart contract funds.

Following MultiChian's announcement, the team suspended cross-chain operations of Kekchain, PublicMint, Dyno Chain, Red Light Chain, Dexit, Ekta, HPB, ONUS, Omax, Findora and Planq.

The CEO's disappearance also resulted in delays in transactions and several other technical issues that triggered Binance, the world's largest crypto exchange platform by trading volume, to end its support for several tokens bridged on MultiChain from July 7.

Stablecoin issuers Tether and Circle immediately froze crypto assets moved by malicious actors. Circle froze around $63.2 million in USD Coin (USDC), while Tether froze more than $2.5 million in USDT from MultiChain suspicious addresses.

Chainalysis suggests that because of the hack, the protocol should undergo an audit to identify which parts are controlled by external addresses, which makes it vulnerable to attacks.

"While the MultiChain hack appears to have been the result of keys being compromised rather than faulty code, reputable audit reports often explicitly identify which parts of protocols are controlled by external addresses and therefore vulnerable to private key theft, which may help users better assess risk," the blockchain security and analytics firm said.