Analyst firm Chainalysis reveals that Multichain may be an intrinsic rug pull. This appears to be a hack or rug pull by an insider,” the company wrote in a blog post on July 10.
However, Chainalysis believes that the vulnerability could result from administrator keys have been compromised, suggesting that they might be an “inside job”.
A Chainalysis spokesperson confirmed that the company “explained that this was likely a rug pull.”
Multichain smart contracts use a multi-party computation (MPC) system, similar to a cryptocurrency wallet. multi-signature
“It’s possible that an attacker manipulated Multichain’s MPC keys to exploit this vulnerability,” Chainalysis said.
“Although it’s possible these keys were stolen by an outside hacker. But many security experts and other analysts believe the hack could come from an insider or a scam. This is partly due to the recent issues Multichain has experienced.”
Chainalysis says the clearest example of these internal problems is The disappearance of the CEO of Multichain, also known as “Zhaojun,” in late May. The platform has also suffered from delayed transactions and other technical issues, which resulted in Binance ending support for multiple connected tokens on July 7.
meanwhile An unusual outflow of “Multichain Executor addresses” was also reported, with on-chain detective Spreek and Twitter user reporting on the outflow of more than $100 million from a multichain bridge that occurred on July 7.
As Spreek reports, “Multichain Executor Addresses have exhausted any Token Address on many networks today. and move them all to the new EOA. [บัญชีที่เป็นเจ้าของภายนอก]”
Spreek said Funds will be sent to the address: 0x1eed63efba5f81d95bfe37d82c8e736b974f477b, which Ethereum blockchain data shows at this address.receive DAI from Multichain Executor on July 10, about five minutes after the previous transaction.
Online detectives theorize that An attacker may use the anySwapFeeTo function to charge arbitrary amounts. This allows them to steal users’ money.
The Multichain team simply declared the withdrawals as “abnormal” and told users to stop using the protocol. However, the team did not announce what the source of the anomaly was.