On July 6th, unknown attackers stole cryptocurrencies in the hundreds of millions. The victim: DeFi platform Multichain. The fact that there has been no trace of CEO Zhaojun for weeks makes the investigation more difficult and fuels rumors of an inside job. What is known about one of the biggest crypto hacks of the year?
The million dollar coup of July 6th
Last Thursday, an unknown person managed to withdraw over 126 million USD worth of cryptocurrencies from multiple Multichain wallets. Multichain makes it possible to transfer crypto assets between different blockchains, so-called bridging. The targets of the attack were the smart contracts of these bridges. The Fantom Bridge was hit the hardest: 7,214 Wrapped Ether, 1,024 Wrapped Bitcoin (WBTC) and USDC worth more than 100 million US dollars flowed to unknown addresses within a short period of time. Shortly thereafter, the Multichain team spoke up on Twitter. It said the movements were abnormal, that it was “not sure what happened”, and that it was currently investigating the incidents.
Who moved the money?
Some of the recipient wallets have already been identified, but not their owners. Stablecoin issuer Circle was able to secure some of the money. According to an on-chain analyst who appears on Twitter under the pseudonym 0xScope, wallets worth 65 million USD are currently frozen. They are all related to the July 6th incident. According to the blockchain security firm PeckShield, the funds were sent to six different addresses, three of which were subsequently blacklisted by Circle.
The following three addresses receiving the outflow funds from @MultichainOrg are now blacklisted by circle: https://t.co/wA2cChDwp9 https://t.co/Ebo9ByrZxw https://t.co/H2gMKuUMfc https://t.co/jWUoIsAblN pic.twitter.com/1P0JOgSgQV
— PeckShieldAlert (@PeckShieldAlert) July 7, 2023
The Multichain services have also been put on hold for the time being. “Please do not use multichain bridging service now”, warns the team, because “all bridge transactions will get stuck in the source blockchains”.
Where is the Multichain CEO?
Also unclear: the role of the Multichain CEO. On May 31st, the team said that the man known as Zhaojun could not be found. There were security problems beforehand. Several million US dollars were lost. Multichain announced on Twitter that it is terminating some cross-chain services. There are also problems with access rights: due to the manager’s absence, the team cannot access the project servers. Conditions were therefore already alarming six weeks before July 6th, and that at a DeFi protocol with a total value locked (TVL) of 1.25 billion USD.
There was speculation that some team members may have been arrested by Chinese authorities. So far, however, these reports have not been confirmed.
Multichain incident attracts scammers
As a result of the incidents, crypto scammers attempted to take advantage of the turmoil surrounding Multichain. They spread a phishing link on Twitter. To do this, they created an account similar to that of the Fantom Foundation. In it, they claimed: “Due to the multichain hack, the Fantom Foundation is distributing emergency FTM tokens to all users. Eligible are all users who have interacted with the FTM chain.” The link was retweeted over 5,000 times and reached 50,000 people.
Bridges are of great importance for the interoperability of the crypto world. They enable the connection of different blockchains. However, these interfaces often have security gaps, which makes them a popular target for hackers. In the case of Multichain, it remains to be seen whether this was the work of external actors or an “inside job”.