Insider Job? Chainalysis Report Suggests Multichain Attacker Had Inside Connections

On July 6, 2023, the Multichain Protocol was hit by a massive hack that resulted in the loss of over $125 million worth of cryptocurrency. The attack targeted the protocol’s Fantom bridge, where valuable crypto assets like WBTC, USDC, DAI, wETH, and LINK were stolen.

The stolen funds amounted to a staggering $126 million, with WBTC accounting for $30.9 million, wETH for $13.6 million, and USDC for $57 million. This exploit is one of the biggest crypto hacks on record.

Multichain Attack And Insider Threats

According to a recent report by the analysis and data company Chainalysis, the attack is suspected to be an inside job. Multichain has recently experienced some notable issues unrelated to its protocol design, prompting public suspicions that insiders may have carried out this exploit.

The disappearance of Multichain’s CEO, who is known by the alias Zhaojun, and the subsequent suspension of services for more than 10 chains, including DynoChain, Redlight Chain, and Public Mint, have added fuel to this suspicion.

Multichain’s smart contracts are secured by a multi-party computation (MPC) system, which functions similarly to a multi-signature wallet system. However, like multi-signature wallets, these systems are still vulnerable if an attacker possesses sufficient MPC keys.
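The threshold property described above, as an added example that is not from Chainalysis or Multichain. It uses Shamir secret sharing as a simplified stand-in, because the page does not describe Multichain's actual MPC scheme and production threshold signing never reassembles the key in one place. The 3-of-5 parameters, operator names and custody maps are constructed.

```python
import secrets
from collections import Counter

P = 2**127 - 1  # Mersenne prime; the field for this toy scheme

def split(secret, t, n):
    """Split `secret` into n Shamir shares; any t of them recover it."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return [(x, f(x)) for x in range(1, n + 1)]

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def min_custodians_to_threshold(custody, t):
    """Fewest custodians whose combined shares reach threshold t.
    `custody` maps share index -> custodian; None if t is unreachable."""
    held = 0
    ranked = Counter(custody.values()).most_common()  # largest holders first
    for count, (_, n_shares) in enumerate(ranked, 1):
        held += n_shares
        if held >= t:
            return count
    return None

# Constructed sample data (assumptions, not values from the incident).
KEY = secrets.randbelow(P)            # stand-in for a bridge signing key
SHARES = split(KEY, t=3, n=5)         # hypothetical 3-of-5 setup
DISTRIBUTED = {1: "op-a", 2: "op-b", 3: "op-c", 4: "op-d", 5: "op-e"}
CONCENTRATED = {1: "op-a", 2: "op-a", 3: "op-a", 4: "op-b", 5: "op-c"}

if __name__ == "__main__":
    print("3 shares recover key:", reconstruct(SHARES[:3]) == KEY)
    print("2 shares recover key:", reconstruct(SHARES[:2]) == KEY)
    print("parties needed (distributed): ", min_custodians_to_threshold(DISTRIBUTED, 3))
    print("parties needed (concentrated):", min_custodians_to_threshold(CONCENTRATED, 3))
```

When one custodian holds a threshold's worth of shares, the scheme offers no more protection than a single key, which is the custody question an audit of such a system needs to answer.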

It is possible that the attacker gained control of Multichain’s MPC keys to pull off this exploit. Interestingly, the attacker did not swap out centrally controlled assets like USDC, which the issuing company (Circle, in the case of USDC) can freeze along with the addresses holding those assets.

Most hackers typically seek to quickly swap such funds for assets that are not vulnerable to those security measures. In total, addresses frozen by Circle and Tether hold approximately $65 million in assets stolen from Multichain.

What’s Next For The Protocol?

After the attack, the Multichain team tweeted that they were beginning an investigation and urged users to pause transactions. A day later, on July 7, the team tweeted that the protocol would be stopping service indefinitely.

Unfortunately, scammers also went on Twitter to spread a “phishing” link and impersonate the Fantom Foundation to trick affected users into claiming an “emergency FTM distribution.”

Multichain protocol’s last announcement. Source: Multichain on Twitter.

Cross-chain bridge protocols have proven lucrative targets for hackers due to their experimental designs and the fact that they generally have large, centralized repositories of assets bridged by users to other blockchains. However, there may be several methods to mitigate risk and prevent similar exploits from occurring. 

According to Chainalysis, one way is through rigorous code audits to help developers standardize projects and investors evaluate protocol viability. 

While the Multichain hack appears to have resulted from compromised keys rather than faulty code, reputable audit reports often explicitly identify which parts of protocols are vulnerable to private key theft, which may help users better assess risk. Additionally, users of any protocol can research before they transact.

The exploit has left the blockchain community on edge, with many waiting for an official statement from the Multichain team. The team has not made any public pronouncements on the matter, leaving users and investors in the dark about the protocol’s future.

Multichain’s native token MULTI downtrend on the 4-hour chart. Source: MULTIUSDT on

Multichain’s native token, MULTI, has experienced a significant decline over the past 7 days, with a drop of over 27% in this timeframe. Currently, the token is trading at $2.387, representing a further decline of 3% in the last 24 hours.
