Multichain Executor Drains AnySwap Tokens, Raising Concerns of Malicious Activity

On-chain sleuth Spreek reports that an individual is using the Multichain Executor to “drain” tokens associated with the AnySwap bridging protocol. This follows abnormal outflows of over $100 million from Multichain bridges on July 7, as reported by the Multichain team. The suspicious activity involves the transfer of funds worth hundreds of thousands of dollars to the Multichain Executor using the “anySwapFeeTo” function.

According to Spreek’s findings, the Multichain Executor address has been draining tokens from various anyToken addresses across multiple chains and transferring them to a new externally owned account (EOA). Ethereum transaction 0x53ede4462d90978b992b0a88727de19afe4e96f0374aa1a221b8ff65fda5a6fe further reveals that the Multichain Router: V4 contract minted approximately $15,275.90 worth of anyDAI on Ethereum, which was then burned and exchanged for DAI stablecoin.

DAI conversion by Multichain Executor. Source: Blockchain data

The transferred funds are being sent to another address: 0x1eed63efba5f81d95bfe37d82c8e736b974f477b. On BNB Smart Chain (BSC), Multichain Executor converted $208,997 worth of anySwap US Dollar Coin (USDC) into Binance-Pegged USDC and sent them to the same address. Additionally, the contract converted 50.80 anyBTC into Binance-Pegged Bitcoin (BTCB) and transferred them to the address.

Overall, approximately $263,524.33 worth of tokens have been sent to the address through the anySwapFeeTo method. While Spreek suggests that this behavior could be part of the protocol’s normal functioning, they point out that a similar account engaged in such activities the day before and sold the drained tokens, indicating malicious intent.

The Multichain incident has baffled blockchain analysts

There is speculation that the attacker may exploit the anySwapFeeTo function by setting fees to an arbitrarily large amount, enabling them to drain users’ funds. The Multichain incident has puzzled blockchain analysts, who are uncertain whether it resulted from an exploit or if large token holders are simply moving their funds across networks.

On July 7, over $100 million worth of tokens were withdrawn from Multichain’s bridges, leading to concerns among users and causing the Multichain team to classify the withdrawals as “abnormal.” However, the source of the anomaly remains unclear. Stablecoin issuers Circle and Tether froze some addresses involved in the strange transactions, while Chainalysis stated that the incident appeared more like a hack or rug pull than a migration.

The Multichain team has reported their CEO as missing and shut down certain bridges due to their lack of access to the network’s multi-party computation servers. The situation raises questions about the security of blockchain networks, DeFi platforms, and potential scams within the cryptocurrency industry.
