Written by staff writer.
Blockchain bridge Multichain has suspended operations and is missing up to USD120 million after seeing “unusual activity” coinciding with a major cyber heist last week. Several cybersecurity firms sounded the alarm on July 6 about an attack after observing abnormally high numbers of tokens transferring from Multichain’s bridging networks to unidentified addresses.
Multichain (formerly known as AnySwap) describes itself as an “enterprise blockchain that actually works,” and allows clients to connect blockchains such as Bitcoin and Ethereum via a cross-chain bridge. Before it paused transactions, it was holding a reported USD1.26 billion in cryptocurrencies.
Last week, hackers stole stablecoins, including Tether, Dai, and USDC, as well as tokens like Chainlink, wrapped Bitcoin, and wrapped Ether from the already under-scrutiny Singapore-based entity. It is reported that the funds were moved into six different addresses. Blockchain security company PeckShield said that most stolen tokens were going from the Fantom blockchain (USD102 million) into Ethereum or Binance Smart Chain, but the Dogechain (USD666,000) and Moonriver (USD5 million) blockchains were also impacted.
This is not the first time hackers have targeted Multichain. In 2021, hackers stole USD8 million. Web3 security solutions company CyVers says Multichain is still uncertain about the exact nature of the incident, adding that in dollar terms, it is the second biggest cyberattack of 2023 to date.
CyVers, which says it was one of the first security entities to warn of the attack, notes that it was unusual on a couple of fronts. Firstly, the hackers did three test transactions of USD2 in the immediate lead-up to test the system. Secondly, after the major heist, instead of trying to launder the funds as quickly as possible, the coins and tokens sat in the readily identifiable destination addresses for several days.
“Based on the lack of movement, we suspect it might be related to the arrest of the Multichain CEO in May by Chinese authorities, or maybe this is an insider attack, and he doesn’t know how to move forward,” said Deddy Lavid, CEO and co-founder of CyVers.
The Multichain CEO, known simply as Zhaojun, dropped out of sight (along with several other team members) in May. There was immediate speculation that Chinese authorities had arrested him.
CyVers also noted the similarities between this cyberattack and the 2021 attack. In both instances, the hackers targeted the blockchain bridge’s multi-party computation (MPC) wallets. The company says bridge attacks are growing in popularity, with last week’s attack the second in as many weeks.
In the immediate aftermath of last week’s cyberattack, Multichain suspended operations. With its CEO (and other senior team members) missing and transactions delayed before the attack, there is intense speculation that Multichain will not resume business. Last week, before the attack, Binance stopped deposits and withdrawals to and from several Multichain derivative tokens due to delays in processing transactions. Binance has since confirmed that none of its users’ funds were caught up in the Multichain attack.
Multichain has not updated its social media accounts since July 7, the day after the attack.