Well, folks, we’ve got a bit of a situation on our hands. Multichain, a project that’s been through its fair share of ups and downs, has again found itself in hot water. Yesterday, Multichain addresses were drained for a total of $126 million, representing around 50% of the FTM bridge and 80% of the Moonriver bridge holdings. Talk about a bad day at the office!
Now, for those of you who are new to the party, Multichain has quite the track record. Before rebranding to Multichain, it was known as Anyswap and was hacked for $8 million almost two years ago. Then, in early 2022, six multi-token contracts were found vulnerable to an approvals-draining attack, leading to an estimated $3 million in user losses. And if that wasn’t enough, in May of this year, Multichain caused a bit of a panic when it responded to bridging delays, potential insider dumping, and team arrest rumors with a vague but foreboding “force majeure.”
This time around, the situation seems just as dire. The lockup assets on the Multichain MPC address have been moved to an unknown address abnormally. The team isn’t sure what happened and is currently investigating. In the meantime, they’ve recommended that all users suspend the use of Multichain services and revoke all contract approvals related to Multichain.
So, what’s the deal here? Is this just another one of Cronje’s test-in-prod experiments gone wrong? The largest rug we’ve ever seen? Or even a very shy whitehat? Only time will tell, but one thing’s for sure: this is a story that’s worth keeping an eye on.
