Crypto bridging platform Multichain has ceased operations two months after its founder was arrested by Chinese authorities.
The team was forced to reach the decision because it could not access the information and servers required to continue operations. In a detailed Twitter thread, the team explained that CEO Zhaojun was taken by Chinese authorities in May and has remained unreachable since. Consequently, the team’s access to the MPC node servers was revoked: they discovered that the servers were running under Zhaojun’s personal cloud server account, which no team member has access to.
After contacting Zhaojun’s family, they found out that the police had seized Zhaojun’s computers, phones, hardware wallets and even mnemonic phrases.
The team then decided to painstakingly continue project operations despite limited access to company resources. However, on 7 July, user assets locked in MPC addresses were transferred to unknown addresses, and later, Zhaojun’s sister, who had preserved some assets, was also taken into custody.
Following these events, the team decided to cease operations, citing a lack of information, operational funds and access to resources.
Allegations of inside hack and rug pull
On 7 July, blockchain security firm PeckShield called Multichain’s attention to suspicious movements of funds amounting to about $126 million.
It was uncertain at the time whether the cross-chain router protocol had been hacked. Multichain didn’t immediately provide clarity on the transactions either. Instead, it asked users to stop using the bridging service and revoke all contract approvals.
A few days after the incident, multiple security firms suggested that the hack was an inside job.
CertiK said that none of its audits pointed to a vulnerability in Multichain’s codebase.
“This exploit appears to be the result of a private key compromise, and as such falls outside the scope of the audits we conducted,” the firm said.
Another blockchain security firm, SlowMist, said: “It appears that activity has stopped. However, with multiple bridges all being drained, this looks more like a hack or rug pull and less like a migration.”
Chainalysis added: “Multichain’s exploit is potentially the result of administrator keys being compromised.”
There is also a significant degree of doubt among Twitter users regarding the authenticity of the hack narrative.