The multi-million dollar exploit of cross-chain bridge protocol Multichain could have been an internal rug pull, according to blockchain security and analytics firm Chainalysis.
“On July 6, 2023, cross-chain bridge protocol Multichain experienced unusually large, unauthorized withdrawals in what appears to be a hack or rug pull by insiders,” the firm wrote in a July 10 blog post.
The exploit has so far resulted in the loss of more than $125 million.
On July 6, @MultichainOrg experienced unusually large, unauthorized withdrawals, resulting in losses of more than $125M. It’s one of the biggest #crypto hacks on record. Read on to learn what we know so far: https://t.co/ib2K6sIrID pic.twitter.com/BBY3iU75oB
However, Chainalysis believes the exploit may have been the result of administrator keys being compromised, which some suggest means it couldy have been an “inside job.”
In a statement to Cointelegraph, a spokesperson for Chainalysis confirmed the firm is “describing it as a possible rug pull.”
Multichain’s smart contracts use a multi-party computation (MPC) system, which is similar to a multi-signature wallet, the firm explained.
“It is possible that the attacker gained control of Multichain’s MPC keys in order to pull off this exploit,” Chainalysis said before adding:
Chainalysis said the most obvious example of these internal issues was the disappearance of Multichain's CEO, known as “Zhaojun,” in late May. The platform also suffered delayed transactions and other technical problems resulting in Binance ending support for several of its bridged tokens on July 7.
Cointelegraph reached out to Multichain for a response to the claims but had not heard back at the time of publication.
Related: Connext founder proposes
Read more on cointelegraph.com