Multichain Exploited for Another $100 Million as Experts Suspect an Inside Job

The internet is awash with speculation that the illicit transactions could be an inside job.

A hacker draining a bubble of money from the inside
Created by Gabor Kovacs from DailyCoin
  • The Multichain Bridge network has been exploited for more than $100 million.
  • The hack is the second such incident to affect Multichain recently after the suspected theft of $126 million forced its temporary suspension last week.
  • The internet is awash with speculation that the illicit transactions could be an inside job.

Cross-chain Bridges on the Multichain network have again been exploited for over $100 million worth of crypto.

The latest exploit follows a previous security breach on July 6th. The original incident resulted in $126 million in potential losses and forced Multichain to suspend all transactions temporarily. 

Multichain Hit by Second Exploit in a Week

In the latest suspicious transactions, an unidentified actor moved funds across Multichainโ€™s Arbitrum, Avalanche, BNB Chain, Cronos, Fantom, Polygon, Moonbeam, Optimism, and Ethereum Bridges. 

Sponsored

While the initial exploit only affected Multichainโ€™s Dogechain, Fantom, and Moonriver Bridges, the latest transaction round spanned nine blockchains.

On the morning of Tuesday 11th, a basket of different cryptocurrencies, mostly comprised of stablecoins, Bitcoin, and Ether, was transferred to a new address. A single crypto wallet received over $100 million worth of assets.

DeBank digital assets portfolio.
Source: DeBank

Adding to the networkโ€™s woes, the transfers occurred at a time when bridge transfers on Multichain should have been suspended, after the initial $126 million theft on July 6th. 

At the time of writing, the Multichain team has yet to comment on the most recent exploit. But the nature of recent security breaches has led experts to question whether they could be an inside job.

An Inside Job? Speculation Abounds

Blockchain analytics firm Chainalytics observed that the theft bears signs of a rug pull potentially carried out by Multichainโ€™s core development team. Analysts reached this conclusion because Multichainโ€™s smart contracts are secured by a multi-party computation (MPC) system. 

Similar to a multisignature wallet, MPC systems split shards of a private key between many different parties, who must come together to execute transactions. 

While the system is intended to prevent a single actor from gaining access to the networkโ€™s funds, it would remain vulnerable to any attacker that possesses multiple MPC keys.

One particularly alarming aspect dates back to May 31st, when the Multichain team stated they could not contact the projectโ€™s founder and CEO, known by the pseudonym Zhaojun. The mysterious CEOโ€™s social media accounts have remained inactive ever since, and no information concerning their whereabouts has emerged. 

A tweet from Multichain regarding issues with the chains.
Source: Twitter

Zhaojunโ€™s disappearance was accompanied by rumors that core members of the founding team were arrested in China, where authorities purportedly gained control of critical Multichain access codes.

โ€œHighly Likelyโ€ Attacker Controls Multichain Private Keys 

In a behavioral analysis of the initial exploit, Beosin noted some oddities about the illicit transactions:

  • There were no fees associated with the transfers. 
  • The timing of the transactions is inconsistent with hackers stealing in bulk through scripts or vulnerabilities.
  • Multichain did not immediately transfer the remaining assets of the address and took hours to announce the suspension of service. 

From these facts, Beosin concluded that it is โ€œhighly likely that the hacker had control of the private key.โ€ 

In comments on the later activity, the security company again observed the odd timings and high level of access needed to initiate the transfers. From this, they speculated that it could be an internal operation.

On the Flipside

  • Despite speculation, there is currently no hard evidence to suggest that any member of the Multichain team is responsible for the recent loss of funds. 
  • After the first attack, Tether and Circle managed to freeze the stolen USDT and USDC and may do so again.

Why This Matters

The suspected hack is the second major incident to affect Multichain Bridges in the space of a week. Around $230 million in assets were transferred without explanation between the two events, potentially amounting to one of the biggest crypto thefts ever. Between the exploits themselves and the rumors swirling around its core members, the future of Multichain Bridges is now uncertain.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Tags
Author
James Morales

James is a London-based technology writer and crypto journalist. He started his career writing about digital art before honing his craft as a financial technology reporter. These days, James is interested in all things Web3 and the radical potential of decentralized technologies. When researching for his stories, James enjoys taking a deep dive into the data. At the same time, he appreciates the human elements that add color to the news, which he believes can not only showcase the latest technological developments but can help us understand what they mean for our everyday lives.

Read more