Multichain's ‘mysterious withdrawals’ have whiffs of a ‘rug pull’

The multi-million dollar exploit of cross-chain bridge protocol Multichain could have been an internal rug pull, according to blockchain security and analytics firm Chainalysis.

“On July 6, 2023, cross-chain bridge protocol Multichain experienced unusually large, unauthorized withdrawals in what appears to be a hack or rug pull by insiders,” the firm wrote in a July 10 blog post.

The exploit has so far resulted in the loss of more than $125 million.

On July 6,

Meanwhile, blockchain sleuths have reported more spurious Multichain token movements over the past few hours. The abnormal outflows were the Multichain Executor address draining anyToken addresses across several chains, they reported.

The Multichain Executor address has been draining anyToken addresses across many chains today and moving them all to a new EOA pic.twitter.com/gqDaXMBl96

— Spreek (@spreekaway) July 10, 2023

On July 8, stablecoin issuers Circle and Tether froze more than $65 million in assets tied to the Multichain exploit.

Chainalysis commented that it was interesting that the exploiter “did not swap out of centrally controlled assets like USDC, which can be frozen by the issuing company.”

Magazine: $3.4B of Bitcoin in a popcorn tin — The Silk Road hacker’s story