Multichain ceases operation after arrest of CEO

Crypto bridging platform Multichain has ceased operations two months after its founder was arrested by Chinese authorities. 

The team was forced to reach the decision due to its inability to access information and servers required to continue operations. In an elaborate twitter thread, it was explained that CEO Zhaojun was taken by Chinese authorities in May and has remained unreachable since. Consequently, the team’s access to the MPC node servers was revoked as they discovered that the servers were running under Zhaojun’s personal cloud server account which no member has access to. 

After contacting Zhaojun’s family, they found out that the police had seized Zhaojun’s computers, phones, hardware wallets and even mnemonic phrases. 

The team then decided to painstakingly continue project operations despite limited access to company resources. However, on 7 July, user assets locked in MPC addresses were transferred to unknown addresses, and later, Zhaojun’s sister, who had preserved some assets, was also taken into custody.  

Following these events, the team took the decision to cease operations citing reasons of lack of information, operational funds and access to resources.

Allegations of inside hack and rug pull

On 7 July, blockchain security firm Peckshield called Multichain’s attention to suspicious movements of funds amounting to about $126million.

Hi @MultichainOrg you may want to take a look: https://t.co/D4GKGpuBtw pic.twitter.com/3qURqGmes8

— PeckShield Inc. (@peckshield) July 6, 2023

It was uncertain at the time if the cross-chain router protocol was hacked. Multichain didn’t immediately provide clarity on the transactions either. Rather, they asked users to stop using the bridging service and revoke all contract approvals. 

The Multichain service stopped currently, and all bridge transactions will be stuck on the source chains.

There is no confirmed resume time.

Please don’t use the Multichain bridging service now.

— Multichain (Previously Anyswap) (@MultichainOrg) July 7, 2023

Few days after the incident, multiple security firms suggested that the hack was an inside job.

Certik said that none of its audits pointed to a vulnerability in Multichain’s codebase.

“This exploit appears to be the result of a private key compromise, and as such falls outside the scope of the audits we conducted,”

Another blockchain security firm, Slowmist said: “It appears that activity has stopped. However, with multiple bridges all being drained, this looks more like a hack or rug pull and less like a migration.”

Chainalysis added: “Multichain’s exploit is potentially the result of administrator keys being compromised.”

There is also a significant degree of doubt among Twitter users regarding the authenticity of the hack narrative.

I knew there was no way it was exploited in the way that was first said. I'm glad the guy got arrested he deserves everything coming to him. Had some friends fall victim to this indirectly because of all the attackers using the name to create new scams. 🤬

— ⓧ treebs 🛡️ (@treebsOG) July 14, 2023

TLTR: 👇👇
Oh no, the Multichain CEO disappeared like magic 🧙‍♂️ and now the team's funds & access to servers are missing too! 🙈

— Velajuel.eth (@velajuels) July 14, 2023