TronWeekly

Crypto World News

You are here: Home / Archives for Multichain

Multichain

Multichain Forced To Quit Operations: Mystery Of Assets Deepens

by

Ending weeks of speculation, Cross-chain project Multichain has confirmed that CEO Zhaojun is currently lodged in jail after being arrested by the Chinese authorities on May 21, 2023. In a Twitter thread, the team shed light on its current state of affairs, the founder’s possible release, and an important update on the user funds locked on the MPC addresses.

Things became much clearer after the team established contact with the MPC node operators, who informed them that these servers were running under Zhaojun’s cloud server account and that all of his computers, phones, hardware wallets, and mnemonic phrases were confiscated by the authorities. “This also means that all the team’s funds and access to the servers are with Zhaojun and the police.”

This was why the Multichain team released the news about Zhaojun’s disappearance and informed the community about the technical issues they currently faced. But on June 4, Multichain team engineers gained physical access to the home computer [as allowed by Zhaojun’s family] to fix technical issues with Router 2 and Router 5.

Multichain’s Jailed CEO Might Be Released Soon

Although the team was not informed about the details of the case, it was notified that Zhaojun would be released soon and was asked to continue maintaining the system and await further updates. But in a startling revelation, Zhaojun’s sister, who managed to transfer the remaining user assets in the router pool, has been taken into custody as well.

The status of the assets she has preserved remains uncertain for now. And due to the lack of alternative sources of information and corresponding operational funds, Multichain decided to cease operations.

Earlier reported by TronWeekly, over $127 million in assets were taken out unexpectedly and without authorization from the DeFi bridge. The team responded by shutting down the asset bridge and encouraging users to revoke any contract permissions.

As a number of keen-eyed on-chain sleuths began their investigations, the unusually anomalous outflows sparked fears of a hack and even generated accusations of rug-pulling. According to Chainalysis, a top blockchain analytics tool, it was one of the greatest cryptocurrency hacks ever.

In a study dated July 10, the data tracking platform stated that the large withdrawals might have been the result of an insider hack or rug pull rather than merely a function aberration or coding mistake. Fingers were pointed at the company’s CEO, who unexpectedly disappeared before news of his official arrest broke.

Chainalysis Explores Multichain $127M Withdrawals Mystery & A CEO Gone Rogue

by

Last week, cross-chain bridge protocol Multichain experienced unusually large, unauthorized withdrawals to the tune of over $127 million in assets. The team announced that it was launching an investigation, shutting down the asset bridge, and advising users to cancel any contract permissions.

The unprecedented suspicious outflows raised concerns of a hack and even led to charges of rug pulling as a number of keen-eyed on-chain sleuths launched their own investigations. Chainalysis, a leading blockchain analytics platform, stated that it was one of the biggest crypto hacks on record.

The data tracking company suggested in a report dated July 10 that the massive withdrawals appeared to be the consequence of an insider hack or rug pull rather than just a function aberration or coding errors.

This is due to the fact that, unlike cross-chain protocols, which get hacked due to faulty experimental designs, Multichain has recently encountered some significant problems unrelated to the design of its protocol, leading to public suspicions that the most recent exploit may have been created by insiders.

Out of the $127 million worth of cryptocurrency, nearly $120 million came from Multichain’s Fantom Bridge. The stolen assets consisted of wrapped Ether [wETH], wrapped Bitcoin [wBTC], and USDC. In addition, the attacker took $666k from the Dogecoin bridge, losing 85% of all deposits, and $6.8 million from the Moon River bridge, taking money in USDC and Tether with it.

Multichain’s Administrator Keys Could Be Hacked

Despite being secured by a multi-party computation [MPC] system, Multichain’s smart contracts are still susceptible to attackers who might have access to enough MPC keys as in the recent case, Chainalysis stated.

Another scenario involves compromised administrator keys. Even though it’s possible that those keys were acquired by an outside hacker, many security professionals and other analysts believe that this exploit could be a case of classic rug pull because of Multichain’s recent woes.

Suspicions further gained teeth after the CEO of Multichain, who goes by the moniker Zhaojun, mysteriously vanished. On May 31, 2023, the platform acknowledged that it was unable to get in touch with him and, as a result, could not carry out the essential technical maintenance on the platform.

It didn’t end here, as the team was forced to cease operations in more than 10 chains following rumors of Zhaojun’s alleged arrest in China and the seizure of $1.5 billion of the protocol’s smart contract funds.

Multichain Flags ‘Abnormal’ Assets Outflows; $127M Moved

by

Multichain Bridge saw a massive outflow of over $127 million in assets. The team announced on Twitter that it is unsure right now, is conducting an investigation, and has paused the asset bridge. Users were advised to revoke approvals to the bridge if had any.

The lockup assets on the Multichain MPC address have been moved to an unknown address abnormally. The team is not sure what happened and is currently investigating. It is recommended that all users suspend the use of Multichain services and revoke all contract approvals related to Multichain.

Following the suspicious transfers, several sharp-eyed on-chain sleuths began their own investigations.

Popular Knowledge graph protocol 0xScope believed the impact of the Multichain incident has spread to Fantom, Moonriver, Kava, Dogechain, Conflux, and ETHW ecosystems. Currently, various stablecoin assets on these chains have been de-pegged.

The unprecedented outflows sparked fears of hack and there were even allegations of rug pulling. One analyst, though, refuted the rumors.

According to Loki_Zeng, the asset transfer took a considerable amount of time, and each asset was sent to a separate wallet. Moreover, there was no subsequent activity [such as swapping or mixing], leaving the recipient’s wallet entirely clean.

Before the transfer, a small amount of 2USDC was used to test the transaction.

“Considering the technical characteristics of MPC, the transferor may have completely obtained the control of private key fragments exceeding the threshold in some way,” the anonymous expert added.

The cross-chain protocol team made the following announcements during the time this article was being written.

“The Multichain service stopped currently, and all bridge transactions will be stuck on the source chains. There is no confirmed resume time. Please don’t use the Multichain bridging service now.”

Bridges continue to be more susceptible to hackers than cryptocurrency networks themselves as the market transitions to a fully multi-chain future. Over $2 billion in assets were taken by token bridge exploits in 2022 alone.

Multichain Incident- A Reminder Of Bridges’ Vulnerability

According to a study led by Chainalysis, there have been a total of 13 cross-chain bridge breaches resulting in a loss of $2 billion in Bitcoin, the majority of which was taken this year.

69% of the total funds stolen in 2022 to date have been obtained through attacks on bridges.

Experts believed that bridges’ central storage point of funds that back the “bridged” assets on the receiving blockchain presents an enticing target for attackers.

Additionally, an effective bridge design is still a pipe dream because there remain technical challenges that need to be solved, even if many new models are being created and tested.

Gate.io Clarifies Its Liquidity Status After Insolvency Rumours

by

Leading CEX Gate.io asserted that there are no issues with its operations or withdrawals in response to the widespread reports of illiquidity.

“First, we want to emphasize that Gate.io is an established and well-operated exchange. We remain committed to providing users with secure, efficient, and reliable digital asset trading services.”

In the blog post dated May 31, the crypto exchange stated that it is instead focused on its 10th-anniversary celebration and the launch of Gate Group’s Hong Kong trading platform, Gate.HK.

Gate.HK prioritizes compliance and has submitted an application for a Virtual Asset Service Provider [VASP] license to the Hong Kong Securities and Futures Commission, aligning with the latest regulatory requirements. 

The other day, crypto Twitter was flooded with numerous posts claiming that the exchange was bankrupt as a result of a purported relationship between it and the Web3 cross-chain router Multichain Multichain [MULTI] whose treasury is backed by 30%.

It all began after crypto tracking firm Arkham Intelligence revealed data indicating significant MULTI inflows to Gate.io, which it said was linked to rumors of the protocol’s team “allegedly being arrested in Shanghai.”

Last week, numerous reports emerged that Chinese authorities allegedly took into custody several Multichain executives, including CEO Zhaojun.

Although the arrests were neither confirmed nor denied by officials, Binance responded by temporarily suspending several bridged tokens that relied on the Multichain protocol.

Then, on May 31, a statement from Multichain’s Twitter account claimed that the protocol had encountered numerous problems as a result of “unforeseeable consequences.”

The team said that despite their best efforts to follow protocol, they were “unable to reach” CEO Zhaojun in order to access crucial servers.

Gate.io Saw a $150M Outflow

Soon after, Twitter users posted transaction trails highlighting significant FTM deposits to the tune of over $10 million from unknown members of the Multichain team to Gate.io.

The identity of the account owner who executed the transaction is now yet unclear.

Due to the massive MULTI and Fantom deposits to Gate.io, numerous Twitter users speculated that the exchange was susceptible to Multichain fallout.

Users hurried to withdraw their assets, causing a $150 million net outflow on the centralized exchange as of right now. The Gate.io crew continued to put up a brave front, labeling the commotion as FUD.

Multichain reimburse $2.6M of the stolen assets; proposes a Security Fund

by

Web3 cross-chain router Multichain formerly Anyswap announced that it has recovered roughly $2.6 million which is 50% of the lost funds from the recent liquidity pool and router contract exploits first identified on Jan 10, 2022. Following the attack, Multichain ask users to withdraw approvals for the vulnerable smart contracts.

Unfortunately, the warning led to more attacks, with estimated losses above $3 million. Multichain was able to fix the vulnerability of the liquidity pool by upgrading the tokens’ liquidity to new contracts, stating,

“However, the risk remains for the users who have yet to revoke approvals for the affected router contracts. Notably, users themselves have to be the ones to revoke the approvals.”

As per the blog post, out of a total of 7,962 user addresses, 4861 addresses have revoked their approvals, while 3101 have not. The team initiated a compensation plan to restore user funds which expired on Feb. 18, 2022.

The blog went on to add that to qualify for a reimbursement, users had to revoke their approvals and submit a support ticket. Multichain said they would continue trying to recover the lost funds and reimburse users after Feb. 18, 2022, minus the miner fee.

Blockchain security firm Dedaub alerted Multichain about two soft spots in its liquidity pool and router contracts, which affected Wrapped ETH [WETH], Wrapped BNB [WBNB], Polygon [MATIC], and Avalanche [AVAX]. Almost 913 WETH and 125 AVAX were recovered. Over 976.8628 WETH is still unaccounted for.

Stablecoin issuer Tether too stepped in by freezing an Ethereum address holding over $715,000 worth of USDT, according to data from block explorer site Etherscan. Earlier in Feb. 2022, a DeFi infrastructure provider Meter had suffered a bridge vulnerability that saw large amounts of BNB and WETH minted, depleting bridge reserves.

Multichain future action

The team through the post assured that relevant measures have been put in place to avoid such future vulnerabilities. There would be increased rounds of security audits on contracts and cross-chain bridges to be conducted.

The cross-chain platform is also proposing a Security Fund subject to vote via governance tokens. The fund would be utilized to implement rescue schemes for digital assets lost caused by Multichain’s own infrastructure. Multichain decided to award Dedaub with $1M for each vulnerability identified and disclosed as part of their maximum bug bounty payment. 

Multichain secures $60M funding from Binance Labs to boost Web3 adoption

by

Multichain which was formerly named Anyswap, a cross-chain protocol raised a $60 million financing round worth $1.2 billion led by Binance Labs today. According to the press release, the series of rounds was joined by several other well-known investors such as Sequoia China, IDG Capital, Three Arrows Capital, DeFiance Capital, Circle Ventures, Tron Foundation, Hypersphere Ventures, Primitive Ventures, Magic Ventures, and HashKey. Apart from providing support financially, the group will also be jointly involved in the project’s development at a deeper level towards the common vision for web3 adoption.

Multichain who recently rebranded from Anyswap, was initially functioning as a cross-chain decentralized exchange or DEX since its inception back in July 2020. Then in 2021, the platform removed the DEX function in order to focus on its cross-chain bridge services. Finally, on December 16, Anyswap decided to rename the brand to Multichain. 

As per the press release, Multichain provides cross-chain infrastructure for 25 mainstream public blockchains including Ethereum [ETH], Fantom [FTM], Binance Smart Chain [BSC], Avalanche [AVAX], Moonriver [MOVR], Arbitrum, Polygon [MATIC], and Harmony [ONE]. Besides the Total Value Locked [TVL] on the cross-chain protocol is over 300k, nearly $5 billion, with over 1,000 crypto assets circulating among different mainnets. Speaking on the latest announcement Zhaojun, the Co-founder of Multichain.

“Multichain now is the cross-chain infrastructure that connects more public blockchains and crypto-assets than anyone else, with lower transaction fees, shorter bridging time, and higher security levels. Aligning with our plan to improve Web3, the protocol will integrate NFT Cross-Chain Bridge and our new anyCall solution for arbitrary cross-chain contract calls, supporting innovative NFT and DeFi DApps in cross-chain ecosystems. We will remain on the frontline of cross-chain research.”

Multichain quest to be the ultimate Web 3 router

Multichain as per the blog post would utilize the funds to invest in the growth of the team and the ecosystem to further the mission of routing the Web3 technology. This also meant expanding the R&D team, especially the research team on crypto algorithms, the audit team that focuses on security, and the service team that supports more users and more blockchain ecosystems to connect with the cross-chain platform.