A substantial and unexplained transfer of crypto assets worth millions occurred last week. Multichain, a major crypto project, observed significant outflows from its platform on Thursday, July 6. This further led to the suspension of its operations. Over the course of the day, about $125 million worth of Multichain assets was illicitly drained and transferred to various wallets.
Following this incident, users were urged to halt any activities on Multichain. They also had to revoke all contract approvals linked with the network while investigations were going on. Binance CEO Changpeng Zhao reassured his followers on Twitter that the exchange remained unaffected by the attack and that all funds were secure. However, Binance had swapped all assets out and closed deposits with Multichain.
Fake Fantom [FTM] distribution takes front stage
During the ongoing investigations, bad actors tried to take advantage of the situation. In the wake of the Multichain attack, a fraudulent announcement claiming an emergency ‘Fantom token distribution to users’ surfaced on Twitter. The tweet received a large number of retweets and views and was bookmarked by users.
The Fantom Bridge was particularly targeted during the hack, which resulted in the theft of about $122 million worth of its holdings in various crypto assets such as wBTC, USDC, USDT, and others. The now-deleted tweet read,
“Due to the Multichain hack, Fantom Foundation is issuing an emergency FTM distribution to all users. All users who have interacted with the FTM chain are eligible to claim.”
The tweet included a link for the community. Individuals impacted by the hack were encouraged to follow this suspicious link, which is suspected to be a phishing attempt.
Circle and Tether take action
While the community was grappling with the legitimacy of the hack, Circle and Tether stepped up. These stablecoin issuers decided to freeze approximately $65 million worth of assets associated with the exploit. Specifically, three addresses that held around $63.2 million in USD Coin [USDC] were frozen, along with two additional addresses that contained $2.5 million worth of Tether [USDT].
Chainalysis smells ‘rug pull’
According to Chainalysis, a blockchain analytics company, the aforementioned hack is suspected to be an internal rug pull. The firm speculated that the exploit may have occurred due to compromised administrator keys, prompting suggestions that it could have been an “inside job.”
It is important to note that Multichain’s smart contracts employ a multiparty computation [MPC] system, which operates similarly to a multi-signature wallet. It is speculated that the hacker may have gained control over these MPC keys to execute the hack. Chainalysis further added,
“While it’s possible those keys were taken by an external hacker, many security experts and other analysts think this exploit could be an inside job or rug pull, due in part to recent issues suffered by Multichain.”
In addition, the disappearance of Multichain’s CEO Zhaojun and rumors of his arrest made the ordeal more suspicious.
Increased outflows strike Multichain yet again
Despite the ongoing investigation, Multichain continued to see a significant volume of substantial transactions. Chinese journalist Colin Wu reported that Multichain had observed a considerable number of unusual outflows within the past 12 hours. The assets in these abnormal outflows, worth $117 million, were primarily transferred to a new address, 0x1e…477b.