Blockchain security and analytics firm Chainalysis points out that the recent multi-million dollar exploit of the Multichain cross-chain bridge protocol may be an inside job or a rug orchestrated by insiders. Unauthorized withdrawals, resulting in losses of over $125 million, demonstrated the potential for compromise of administrator keys. Chainalysis highlights the recent internal problems faced by Multichain and the disappearance of its CEO, adding to the suspicions. While the investigation continues, questions arise about the security of the platform and the handling of centrally controlled assets.
Suspicion of Internal Tapestry Pull:
Chainalysis shows that exploits targeting the Multichain cross-chain bridge protocol could be an inside job or an insider pulling of a carpet. The compromise of administrator keys, potentially through an inside source, could allow unauthorized withdrawals. This theory gained traction due to the recent internal issues Multichain experienced, including the loss of the CEO and technical issues affecting transactions.
Troubled History of Multichain:
Multichain smart contracts use a multi-party computing (MPC) system similar to a multi-signature wallet. However, the platform faced challenges, including delayed transactions and technical difficulties which caused Binance to end support for bridged tokens. Chainalysis highlights this issue as indicating an internal struggle within Multichain, raising suspicions around the exploit.
Response from Chainalysis:
Chain analysis, describing the exploit as a possible rug pull, suggests that a compromised MPC key may be a factor in the unauthorized recall. While it remains unclear whether external hackers or insiders orchestrated the exploit, many experts and analysts are leaning towards the possibility of inside work given the recent issues faced by Multichain.
Further Development and Freezing of Assets:
Recent reports from blockchain sleuths point to additional fraudulent movements of Multichain tokens. Abnormal outflows have been observed, with Multichain Executor addresses draining multiple addresses across multiple chains. In response to the exploit, stablecoin issuers Circle and Tether froze assets worth more than $65 million associated with Multichain. Chainalysis found it interesting that the exploit does not exchange centrally controlled assets like USDC, which can be frozen by the issuing company.
Exploits of Multichain’s cross-chain bridge protocol raise suspicions of internal tapestry pulling or insider work, according to Chainalysis. Recent administrator lock compromises and internal platform issues have contributed to the speculation. As the investigation continues, questions arise about the security measures implemented by Multichain and the handling of assets that are centrally controlled. Further developments will shed light on the extent of the exploitation and the implications for Multichain and affected stakeholders.