Chainalysis report raises concerns that Multichain’s attacker may have inside connections
Chainalysis noted that the attacker's actions deviated from normal practices in such exploits.
While DeFi hackers have a specific affinity for targeting cross-chain bridges, this one is quite suspicious due to the issues facing Multichain before the incident, according to Chainalysis.
The report by Chainalysis highlighted several problems the protocol faced, notably the disappearance of Multichain CEO Zhaojun. Following his disappearance, which was announced via a tweet from the team, there were rumors that he had been arrested in China.
According to the blockchain analytics firm, the incident led Multichain to suspend services for more than ten chains, although it continued to operate. On July 7, Binance ended support for several tokens bridged through Multichain.
Due to the incident and the technical issues before it, some experts believe that the exploitation was an inside job.
This perspective is backed up by several on-chain investigators, who suggest that the nature of the exploit indicates that the administrator keys were compromised. Although an external attacker could have gained control of the keys, it would have been easier for an insider to get access to them.
Chainalysis also noted that the actions of the attackers were suspicious. In most exploits, the attacker would swap all centralized tokens likely to be frozen. Interestingly, the exploiter of Multichain did not swap assets such as USDC and USDT, even though doing so is a common move in most exploits. This allowed the stablecoin firms to freeze the addresses holding $67.5 million in USDT and USDC stolen from Multichain.
Since the hack, the Multichain team has discontinued services, and malicious actors have targeted Fantom Network users with phishing links.