July 11, 2023 at 16:25 GMT. Modified date: August 9, 2023 at 10:27 GMT

Chainalysis suggests rug pull for Multichain exploit

A 10 July report released by blockchain analytical firm Chainalysis has raised questions about the recent Multichain exploit.

Crypto hacking. Pic: Unsplash

A 10 July report released by blockchain analytics firm Chainalysis has raised questions about Multichain’s recent exploit. After examining the protocol’s unexplained withdrawals, it suggested the possibility that the exploit was a rug pull carried out by insiders.

The cross-chain bridge protocol Multichain experienced unusually large and unauthorised withdrawals on 6 July 2023, resulting in losses of more than $125 million.

While Chainalysis acknowledged that cross-chain bridge protocols are frequent targets for hackers, it remained suspicious of Multichain’s exploit in the light of “some notable issues unrelated to its protocol design”.

Chief among these is the disappearance of Multichain’s CEO, known by the alias Zhaojun, whom the team has been unable to contact since 31 May 2023. As a result, Multichain was unable to perform necessary technical maintenance on the platform.

Following rumours of Zhaojun’s alleged arrest in China and the confiscation of $1.5 billion of the protocol’s smart contract funds, services for more than 10 chains were also forcibly suspended. After the exploit, Binance also ended its support for several tokens bridged through Multichain.

Chainalysis also raised several reservations about the attackers’ behaviour. In most exploits, attackers promptly swap centralised assets that their issuers could freeze, such as USDC and USDT, for tokens no issuer controls. According to the report, however, the Multichain exploiter did not swap these assets, which allowed the stablecoin issuers Circle and Tether to freeze the addresses holding approximately $65 million in USDT and USDC stolen from Multichain.

The suspicion of an insider rug pull is also supported by several on-chain investigators, who suggest that the nature of the exploit indicates the administrator keys were compromised. While an external attacker could have gained control of the keys, they consider it more likely that an insider already had access to them.