Multichain Woes: Users Informed of an ‘Abnormal’ Transfer of Assets to Unknown Address
Users of the cross-chain protocol Multichain were on July 6 informed of an abnormal transfer of lockup assets on the Multichain MPC address to an unknown address. While the Multichain team has urged users to stop using the cross-chain protocol, Binance CEO Changpeng Zhao (CZ) told his followers that the incident does not affect Binance users or the exchange itself.
Users Told Revoke All ‘Contract Approvals Related to Multichain’
Just over a month after the disappearance of the Multichain CEO known only as Zhaojun sent shockwaves through the crypto community, users of the cross-chain protocol were on July 6 informed of an abnormal transfer of “lockup assets to an unknown address.” According to a statement shared via the cross-chain protocol’s verified Twitter handle, the Multichain “team is not sure what happened and is currently investigating.”
As reported by Bitcoin.com News on June 3, Zhaojun’s unavailability saw the router technology problems experienced by the cross-chain protocol cause disruptions to regular cross-chain services. The team revealed then that several chains including Kekchain, Publicmint, Dyno Chain, Red Light Chain, Dexit, Ekta, HPB, ONUS, Omax, Findora, and Planq had been affected. At the time, the team did not ask users to stop using the protocol even as rumors grew that Zhaojun had been arrested in China.
However, more than 30 days after Multichain’s problems came to the fore, the team behind the cross-chain protocol has told users to stop utilizing it.
“It is recommended that all users suspend the use of Multichain services and revoke all contract approvals related to Multichain,” the team said.
The Multichain service stopped currently, and all bridge transactions will be stuck on the source chains.
There is no confirmed resume time.
Please don’t use the Multichain bridging service now.
— Multichain (Previously Anyswap) (@MultichainOrg) July 7, 2023
Reacting to Multichain’s tweet, Binance CEO Changpeng Zhao (CZ) told his followers that the “hacking” incident does not affect users on Binance or the cryptocurrency exchange itself. He added:
We have swapped all assets out and closed deposits a while back. Regardless, we offer our assistance in helping with the situation.
‘Attacker Is Probably Not a Hacker’
While the Binance CEO has characterized the transfer lockup assets on the Multichain MPC address as hacking, a Twitter user going by the name Oxloki said their analysis suggests that the attacker may not be a hacker.
“The transferor has enough time. Considering the technical characteristics of MPC, the transferor may have completely obtained control of private key shards exceeding the threshold in some way. The ‘attack method’ is very simple, it is a simple transfer operation, there is no contract, and there is a test, the attacker is probably not a hacker,” the Twitter user explained.
Meanwhile, in a notice shared via Twitter, Kyber Network, a blockchain-based liquidity hub, urged users to “revoke all permissions and not use any Multichain service.” According to the team, Kyber Network is in the process of “disabling the bridge function on our UI.”
DIP Exchange, a decentralized exchange platform, said that while the latest incident on Multichain may slow it down this will not stop it from continuing to build.
What are your thoughts on this story? Let us know what you think in the comments section below.
Read More
Multichain Woes: Users Informed of an ‘Abnormal’ Transfer of Assets to Unknown Address
Users of the cross-chain protocol Multichain were on July 6 informed of an abnormal transfer of lockup assets on the Multichain MPC address to an unknown address. While the Multichain team has urged users to stop using the cross-chain protocol, Binance CEO Changpeng Zhao (CZ) told his followers that the incident does not affect Binance users or the exchange itself.
Users Told Revoke All ‘Contract Approvals Related to Multichain’
Just over a month after the disappearance of the Multichain CEO known only as Zhaojun sent shockwaves through the crypto community, users of the cross-chain protocol were on July 6 informed of an abnormal transfer of “lockup assets to an unknown address.” According to a statement shared via the cross-chain protocol’s verified Twitter handle, the Multichain “team is not sure what happened and is currently investigating.”
As reported by Bitcoin.com News on June 3, Zhaojun’s unavailability saw the router technology problems experienced by the cross-chain protocol cause disruptions to regular cross-chain services. The team revealed then that several chains including Kekchain, Publicmint, Dyno Chain, Red Light Chain, Dexit, Ekta, HPB, ONUS, Omax, Findora, and Planq had been affected. At the time, the team did not ask users to stop using the protocol even as rumors grew that Zhaojun had been arrested in China.
However, more than 30 days after Multichain’s problems came to the fore, the team behind the cross-chain protocol has told users to stop utilizing it.
“It is recommended that all users suspend the use of Multichain services and revoke all contract approvals related to Multichain,” the team said.
The Multichain service stopped currently, and all bridge transactions will be stuck on the source chains.
There is no confirmed resume time.
Please don’t use the Multichain bridging service now.
— Multichain (Previously Anyswap) (@MultichainOrg) July 7, 2023
Reacting to Multichain’s tweet, Binance CEO Changpeng Zhao (CZ) told his followers that the “hacking” incident does not affect users on Binance or the cryptocurrency exchange itself. He added:
We have swapped all assets out and closed deposits a while back. Regardless, we offer our assistance in helping with the situation.
‘Attacker Is Probably Not a Hacker’
While the Binance CEO has characterized the transfer lockup assets on the Multichain MPC address as hacking, a Twitter user going by the name Oxloki said their analysis suggests that the attacker may not be a hacker.
“The transferor has enough time. Considering the technical characteristics of MPC, the transferor may have completely obtained control of private key shards exceeding the threshold in some way. The ‘attack method’ is very simple, it is a simple transfer operation, there is no contract, and there is a test, the attacker is probably not a hacker,” the Twitter user explained.
Meanwhile, in a notice shared via Twitter, Kyber Network, a blockchain-based liquidity hub, urged users to “revoke all permissions and not use any Multichain service.” According to the team, Kyber Network is in the process of “disabling the bridge function on our UI.”
DIP Exchange, a decentralized exchange platform, said that while the latest incident on Multichain may slow it down this will not stop it from continuing to build.
What are your thoughts on this story? Let us know what you think in the comments section below.
Read More