Multichain (MULTI), a rug pull? New $103 million hack reported

Multichain is feeling the heat. After the confirmation of a $125 million theft last week, a new hack has been reported involving $103 million. Analysts are not ruling out the possibility of an inside job.

Multichain, some $230 million evaporated

What appeared to be suspicious transactions of around ten million dollars withdrawn via the Fantom network became a proven hack. Fortunately, Circle and Tether were able to get their hands on some of the stolen stablecoins. If they did, it wouldn’t be a hemorrhage, but a bloodbath.

But if the latest news is to be believed, the former Anyswap platform has been hacked again. The amount involved seems enormous: $103 million.

Another $103M has been transferred from #MultiChain to the 0x1eed63efba5f81d95bfe37d82c8e736b974f477b address.

Total transfer from Fantom, Arbitrum, Optimism, Cronos, Polygon, Avaleanche, BNB chain, Moonbeam, Ethereum:
$USDC: $23,999,250$fUSDT: $29,657,932 $WBTC: $2,139,053… https://t.co/K7XL55uOMS

— Beosin Alert (@BeosinAlert) July 11, 2023

Details about the new Multichain attack

“An additional $103 million was transferred from Multichain to address 0x1eed63efba5f81d95bfe37d82c8e736b974f477b.

Transfer of all [funds] from Fantom, Arbitrium, Optimism, Cronos, Polygon, Avalanche, BNB Chain, Moonbeam, Ethereum :

$USDC: $23,999,250

$fUSDT: $29,657,932

$WBTC: $2,139,053

$WETH: $17,168,126

$ETH $10,102,001

$DAI: $2,994,317

Total: $103,277,346

Transfer behavior :

1) Transfer of a large number of assets via privileges ;

2) Assets come from several chains, implying a large number of private keys;

3) Large time intervals between transfers.

This indicates that the attacker may have taken control of all the assets and is in no hurry to transfer them. Based on the previous analysis, we assume that this may be an internal operation.”

As a result, MULTI has lost 27% of its value in one week. At the time of writing, it was trading at $2.38.

Why so easy?

Firstly, Multichain presents itself as a cross-chain protocol facilitating the exchange of multiple cryptocurrencies on multiple blockchains.

Secondly, you’ve probably heard that no one, not even Multichain’s developers, can access the network’s servers. Yet the only key holder, CEO Zhaojun, has disappeared from view. Some analysts theorize that he may have been arrested by the Chinese authorities. But so far, no news about him has been revealed.

The compromise of the Multichain administrator’s keys is also said to have facilitated his series of attacks.

As a result, there’s a good chance that Zhaojun himself is behind these malicious operations.

“While it’s possible that these keys were taken by an external hacker, many security experts and other analysts believe that this exploit could be the result of in-house work or a ‘rug pull’, in part due to the recent problems suffered by Multichain,” argues blockchain analysis firm Chainalysis.

Multichain, un rug pull ?

Multichain, a rug pull?

Our June 2 article highlighted the seriousness of the Multichain case. 1.8 billion dollars belonging to customers blocked, CEO nowhere to be found… It’s hard to rule out an FTX bis scenario at this stage.

A rug pull occurs when the developers of a project raise funds for its realization. Once on track, these once-reliable developers disappear with the customers’ funds.

The DecentraWorld rug pull is a good example of this fraudulent practice.