Neither the author, Tim Fries, nor this website, The Tokenist, provide financial advice. Please consult our website policy prior to making financial decisions.

On July 7, the official Multichain account informed the public that the protocol stopped functioning entirely, leaving existing bridge transactions “stuck on the source chains.” The account advised to stop using Multichain altogether. Interestingly, Curve Finance was more agile, warning users to exit all Multichain-related ventures a day prior.

This translates to revoking all smart contract approvals tied to Multichain. That Friday, @PeckShield cybersecurity firm accounted for over $126 million in abnormal crypto and stablecoin assets, leaving the protocol.

Early Tuesday, the cross-chain bridge protocol showed various anomalous withdrawals. The outflows went to an ID-less address, accounting for ~$106 million in DAI and USDC stablecoins, BTC, ETH, and their wrapped tokens.

Given Multichain’s purpose of bridging chains, the funds flowed from all the major scalability networks – Arbitrum, Polygon, Optimism – including layer 1 networks such as Avalanche, BNB Chain, Moonbeam, and Ethereum.

Multichain Suspiciously Vague

Multichain’s response so far is lacking, noting that the “team is not sure what happened and is currently investigating.” In the meantime, both Tether (USDT) and Circle (USDC) have started freezing addresses associated with Multichain’s multi-drainage, accounting for ~$65 million in frozen funds.

Does the systemic liquidity drain indicate a large successful hack, or are the project leaders themselves pulling the plug, making it appear like a hack?

Join our Telegram group and never miss a breaking digital asset story.

Multichain Troubles Began with Shady CEO

On May 31, @MultichainOrg openly admitted they could not contact Multichain CEO, Zhaojun. His Twitter timeline shows his most recent post was on May 24. Purportedly, he was arrested by Chinese authorities, alongside Multichain’s key members, effectively seizing their funds worth $1.5 billion.

According to the rumors earlier today in Chinese community, it is said that the core members of the Multichain team were arrested by Chinese police, and the cold wallet was controlled, involving about $1.5 billion in funds.#MultiChain — Gwei Research (@btcinchina) May 25, 2023

DeFi Llama shows that Multichain’s total locked value is $1.257 billion. The reason for contacting Zhaojun was to gain access to fix a technical issue with network nodes. Namely, the cross-chain protocol had trouble facilitating transactions between chains because some network nodes, Router2 and Router5, were not working correctly.

The issue was not fixable without Zhaojun’s permission to access maintenance servers. Accordingly, Multichain suspended operations across 11 chains. Unlike Arbitrum or Polygon, all of them are unknown to the wider public. Kekchain, Findora, Red Light Chain, PublicMint, Omax, and Ekta are some of these.

What Was the Hook Behind Multichain?

The Multichain project started as most DeFi projects do, as a decentralized exchange (DEX) called Anyswap, in July 2020. This was during the so-called DeFi Summer when an entirely new alternative infrastructure for banking started to emerge.

In addition to being a DEX, Anyswap was a cross-chain DEX, allowing for the transfer of assets between blockchains. This is as intuitively needed a feature as it gets in the blockchain. In November 2020, AnySwap V2 was released, moving away from a DEX, focusing entirely on cross-chain bridging of assets as the “ultimate router for Web 3.0”.

In December 2021, AnySwap officially rebranded as Multichain. However, even the FBI acknowledged that asset-bridging protocols are highly vulnerable. That’s because they run fewer network nodes while simultaneously serving as large token repositories.

When the locked tokens are bridged, a smart contract mints equivalent tokens, 1:1, in return. The newly minted tokens are compatible with the target blockchain, making them ‘bridged.’ It is this lockup mechanism that is problematic.

In the case of Multichain, the drained wallets are MPC – Multi-Party Computation – running on a Secure Multi-Party Computation (SMPC) network where security keys are cryptographically distributed, as they are split into shards.

Consequently, MPC wallets are represented as single wallet addresses on a blockchain explorer. Still, they allow multiple parties to sign in, with each party not revealing their input to other parties. Further, MPC wallets’ signatures are computed off-chain, allowing low fees for high-volume transactions. This was another Multichain hook.

Is Multichain a Rug Pull?

A project-level rugpull is not that uncommon. At the end of June, Arbitrum-based Chibi Finance took an abrupt exit with over $1 million in user funds, leaving deleted social media accounts behind.

Given the way Multichain runs with MPC wallets, hackers could have acquired keys. After all, this was the core concern behind the proposed Ledger Recover feature. However, it is unusual for hackers to not immediately swap out controlled assets such as USDC/USDT, which have largely been frozen.

With that said, a rug pull doesn’t have to begin as such. Given Zhaojun’s purported troubles with Chinese authorities, he, or someone in control of his wallet, may have decided to exit abruptly with feasibly liquidable funds.

How those funds will be liquidated is yet to be determined, as all the crypto exchanges are now looking for the new address. Binance had already suspended eight Multichain-bridged tokens. At the end of the line, only Zhaojun has the explanatory power to clear up the Multichain collapse.

Finance is changing. Learn how, with Five Minute Finance. A weekly newsletter that covers the big trends in FinTech and Decentralized Finance. Try it out (for free) Awesome You’ve subscribed. You’re well on your way to being in the know.

Do you think failed coding experiments, or rugpulls, will make TradFi’s job easier to corner blockchain technology? Let us know in the comments below.