Chainalysis, a blockchain security and analytics company, says that the multi-million-dollar hack of the cross-chain bridge technology Multichain could have been an inside job.
In a July 10 blog post, the company said, "On July 6, 2023, the cross-chain bridge protocol Multichain saw large, unauthorized withdrawals. This appears to be a hack or a rug pull by people on the inside."
So far, more than $125 million has been lost because of the scam.
Chainalysis, on the other hand, thinks the hack may have happened because administrator keys were stolen, which some people say means it could have been a "inside job."
A Chainalysis representative told Cointelegraph that the company is "describing it as a possible rug pull."
The company said that the smart contracts on Multichain use a method called multi-party computation (MPC), which is like a multi-signature wallet.
Chainalysis said, "It's possible that the attacker took control of Multichain's MPC keys to pull off this exploit."
Chainalysis said that the CEO of Multichain, who was known as "Zhaojun," going missing in late May was the clearest sign of these internal problems. The platform also had problems with transfers taking too long and other technical issues. On July 7, Binance stopped supporting several of its bridged tokens.
Cointelegraph asked Multichain to comment on the claims, but had not heard back by the time this article was published.
Over the past few hours, blockchain detectives have seen more fake moves of Multichain tokens. They said that the Multichain Executor address was draining anyToken addresses from several chains, which caused the strange withdrawals.
On July 8, Circle and Tether, two companies that make stable coins, froze more than $65 million worth of assets that were linked to the Multichain hack.
Chainalysis thought it was interesting that the exploiter "did not swap out of centrally controlled assets like USDC, which can be frozen by the issuing company." (Source)