Blockchain security and analytics firm Chainalysis has raised concerns over the recent multi-million dollar exploit at Multichain, suggesting it may have been an internal rug pull. The incident, which occurred on July 6, involved unauthorized withdrawals that resulted in losses exceeding $125 million. Chainalysis suspects that compromised administrator keys might have been used to carry out the exploit, indicating a potential inside job. This theory aligns with previous suggestions made by blockchain security firm SlowMist.
Multichain’s smart contracts utilize a multi-party computation (MPC) system, similar to a multi-signature wallet. Chainalysis explained that the attacker may have gained control of Multichain’s MPC keys, thereby facilitating the exploit. While external hackers cannot be ruled out, several security experts and analysts believe the incident could be an inside job or rug pull due to recent internal issues experienced by Multichain. One notable issue was the disappearance of Multichain’s CEO, known as “Zhaojun,” in late May. Additionally, the platform encountered delays in transactions and other technical difficulties, leading Binance to cease support for several bridged tokens on July 7.
Despite attempts to reach out to Multichain for a response, there has been no official comment from the company regarding these claims. Meanwhile, blockchain investigators have observed further suspicious movements of Multichain tokens in recent hours. These abnormal outflows involve the Multichain Executor address draining anyToken addresses across multiple chains, signaling potentially illicit activity.
Furthermore, in a notable twist, stablecoin issuers Circle and Tether froze over $65 million tied to the Multichain exploit on July 8. Chainalysis found it intriguing that the exploiter did not convert the assets into centrally controlled assets like USDC, which could have been frozen by the issuing company.
The incident at Multichain highlights the ongoing challenges facing cryptocurrency security and the risks associated with internal vulnerabilities. The investigation into this exploit continues, shedding light on the need for robust security measures to safeguard digital assets and prevent fraudulent activities within blockchain networks.