After the impressive hack of cryptocurrency bridge Multichain (MULTI), part of the community expressed doubts about a potential rug pull. In its latest report, blockchain analytics firm Chainalysis gave credence to this theory.
Would the Multichain hack be a rug pull?
While 2023 seemed to be shaping up as a relatively quiet year for hacks, the Multichain (MULTI) bridge suffered the second biggest cryptocurrency theft of the year with a loss of more than $126 million last week.
Already at the time of the event, some doubts had been expressed, and the latest report from blockchain analysis company Chainalysis also supports the theory of a rug pull, although without stating it with certainty:
“The Multichain attack is potentially due to compromised admin keys. While it is possible that these keys were stolen by an external hacker, many security experts and other analysts believe that this attack could be from an internal source or a rug pull, in part due to the recent problems suffered by Multichain. “
To secure its smart contracts, Multichain relies on a system known as multi-party computation (MPC). Whereas a multi-sig system will use several private keys, an MPC system will in fact fragment a single private key among several players.
Despite their many advantages, MPC portfolios suffer from a constraint similar to multisigs. In other words, if a single player collects enough fragments of this private key, it is able to carry out transactions on the smart contract. This would have been the case in the Multichain hack.
Since the attack, Circle and Tether have frozen several addresses implicated in the hack and containing USDC and USDT stablecoins for a total amount of around $65 million, i.e. more or less half of what was stolen.
Bridge problems used as argument to support thesis
In reality, it is impossible to affirm or contradict the rug pull theory in the absence of concrete evidence. However, the lack of communication from Multichain’s teams in recent months does not speak in their favour.
This has fuelled rumours of the arrest of its CEO in China, although he remains officially unreachable. In addition, 1.5 billion dollars in funds have reportedly been confiscated.
In addition, the bridge’s Twitter account has not published anything since the theft, after announcing that services would be shut down indefinitely:
The Multichain service stopped currently, and all bridge transactions will be stuck on the source chains.
There is no confirmed resume time.
Please don’t use the Multichain bridging service now.
– Multichain (Previously Anyswap) (@MultichainOrg) July 7, 2023
All these elements add to the vagueness of what was already a very murky affair, which could well spell the definitive end of the bridge.
To date, the MULTI token is trading at under $2.5, down more than 65% since the problems began.
