The Multichain cross-chain bridge theft incident caused the loss of hundreds of millions of funds. 99.76% of the funds were withdrawn overnight!

Based on the evidence from multiple sources, we have sorted out the ins and outs of this incident...

Let's get to the main text. I will go through it in timeline order.

🟢July 7, 07:27 AM Multichain official tweeted that an abnormality was found

The locked assets on the Multichain MPC address were abnormally transferred to an unknown address. The team is not sure what happened and is currently investigating.

All users are advised to suspend the use of Multichain services and revoke all contract approvals related to Multichain.

🟢THE BLOCK later reported that day

The dog-themed blockchain Dogechain also saw a sudden flow of funds, with at least $660,000 in USDC being sent to the same destination wallet as the Moonriver fund flow.

Multichain has not yet issued a statement on the movement of funds. The Fantom Foundation said it is aware of “what is happening on the Multichain Bridge…

🤓At this time, major institutions are actively evaluating the situation

🟢2 hours later, Xinhuo Technology researcher 0xLoki no longer spoke on Twitter

However, the original tweet has been deleted for unknown reasons. However, Dilraba did make a video to promote the event, so the general content is recorded.

According to the other party's information, the attacker is most likely not a hacker

1. The transferor has sufficient time. Considering the technical characteristics of MPC, the transferor is likely to have completely obtained control over the private key shards in some way.

2. The attack method is very simple, it is just a simple transfer operation, there is no contract, no testing, and the attacker is most likely not a hacker.

3. The transferor does not make further disposal or realization, and the operator may not have absolute decision-making power.

🟢July 7th at 12:57 noon Multichain officially confirmed the theft

And posted:

Currently, the Multichain service has been stopped and all bridge transactions will be stuck on the source chain.

There is no confirmed timeline for recovery yet.

Please do not use the Multichain bridge service at this time.

🟢Just 30 minutes later, Boss Zhao also responded positively

Boss Zhao posted:

It looks like another hack has occurred on Multichain.

This will not affect users of Binance itself.

We have swapped out all assets and closed deposits a while ago.

Regardless, we offer assistance to help resolve the situation.

At this point, it was confirmed that Multichain had problems, and 99.76% of the funds fled the project rapidly that day. Everyone fled the project!

🟢Then 0xScope tweeted

Today, $MULTI was hacked again, $126 million was stolen (9% TVL), and the price of $MULTI fell by 20%.

The impact extends to the #FTM, #Moonriver, #Kava, #Dogechain, #Conflux, and #ETHW ecosystems.

Multiple stablecoin assets on these chains have depegged.

Do you feel that this theft incident is getting more serious after hearing this? Just continue to follow the Chinese Dili and watch the show. The regulatory authorities will take action soon!

In fact, on July 7, the police locked in on the abnormal transfer of user assets on the MPC address to an unknown address. They also found the login information of the Kunming IP address on the cloud server platform, as well as a series of operations for transferring money from the MPC address.

🟢The next day, on July 8, security company PeckShield tweeted

About $63 million in USDC (funds outflow from Multichain) is now frozen

Haha! Frozen! 😂

🟢 On July 8, y2z Ventures partner blanker.eth described the attacker’s methods

The post claimed that the attacker had deployed a fake ERC-20 token, modified the `approve()` method, and manually forged authorizations for a large number of on-chain addresses. It called on Revoke Cash and Rabby to remind users to cancel authorizations.
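To make the cancel-authorization advice concrete, here is an added example (not code from the original post or from Multichain) that replays ERC-20 `Approval` logs for one owner and separates allowances worth revoking from events emitted by tokens outside a trusted set. All addresses, the `sample_log` helper and the `trusted_tokens` set are constructed assumptions; the authoritative value is always the token's on-chain `allowance()`.

```python
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner, trusted_tokens):
    """Replay logs in order; return (token, spender, amount, action) tuples."""
    latest = {}
    for log in logs:
        topics = log["topics"]
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue  # not an ERC-20 Approval (ERC-721 Approval has 4 topics)
        if topic_to_address(topics[1]) != owner.lower():
            continue  # approval granted by someone else
        key = (log["address"].lower(), topic_to_address(topics[2]))
        latest[key] = int(log["data"], 16)  # a later log overwrites an earlier one
    findings = []
    for (token, spender), amount in sorted(latest.items()):
        if amount == 0:
            continue  # already revoked
        # A log is only what the emitting contract chose to write: a token
        # outside the trusted set can emit Approval for any owner it likes.
        action = "revoke" if token in trusted_tokens else "ignore-untrusted-token"
        findings.append((token, spender, amount, action))
    return findings

def sample_log(token, owner, spender, amount):
    """Hypothetical helper: build one constructed Approval log entry."""
    pad = "0x" + "0" * 24
    return {"address": token, "topics": [APPROVAL_TOPIC, pad + owner[2:], pad + spender[2:]],
            "data": hex(amount)}

# Constructed sample data: none of these addresses come from the incident.
USER, ROUTER, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
REAL_TOKEN, FAKE_TOKEN = "0x" + "aa" * 20, "0x" + "bb" * 20
SAMPLE_LOGS = [
    sample_log(REAL_TOKEN, USER, ROUTER, 2**256 - 1),  # unlimited approval to a router
    sample_log(REAL_TOKEN, USER, OTHER, 500),
    sample_log(REAL_TOKEN, USER, OTHER, 0),            # same spender, later revoked
    sample_log(FAKE_TOKEN, USER, OTHER, 2**256 - 1),   # event from an unknown token
]

if __name__ == "__main__":
    for token, spender, amount, action in outstanding_approvals(SAMPLE_LOGS, USER, {REAL_TOKEN}):
        print(action, token, "->", spender, amount)
```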

🟢On July 11, blockchain security audit company Beosin took action

After a few days of analysis and investigation, they speculated that this might be an internal operation, or embezzlement? How unacceptable!

But in reality, the police had already arrested someone on July 9. On that day, the suspect, Zhaojun's sister, transferred the remaining user assets in the router pool, and then notified the team and multiple project parties of the asset preservation operation. The funds were transferred to the EOA address controlled by Zhaojun's sister.

0x1eed*****477b

0x6b63*****e57b

🟢On July 13, according to information provided by Zhaojun’s family, the police have detained Zhaojun’s sister.

Now, Zhaojun's sister has also lost contact. The status of her assets is still uncertain, so the team believes it is necessary to inform the community of all known situations.

🟢It was not until July 14th that Multichain officially described this!

🎖️I am Chinese Dili, and I will join hands with you to build Web3.0! (Ahem! This issue should be regarded as a melon-eating for all netizens!)

I can't imagine what this Zhaojun girl is thinking, haha! You guys don't understand how girls operate!

But back to the point, this incident is really too distressing!

Although the agency and the police handled the incident immediately, the security of funds in the cross-chain bridge is worth our reflection. We recommend that new users transfer their currency to the exchange when they need to transfer assets across chains to ensure our safety!
