Blockchain security firm CyVers claims to have been the first to uncover the Multichain mega hack that saw over $126 million pilfered from the protocol.
As was previously reported, Multichain halted its network following the hack, just a month after the entity’s CEO disappeared.
CyVers said its AI-driven service detected the break-in on Thursday, July 6th, and that it immediately notified Multichain and other members of the community to stem the loss.
Multichain then reportedly confirmed that the assets had been moved to an unauthorized address. CyVers said the exploit could be a “hack, rug pull, or an insider job involving a compromised private key.”
Recipient wallet addresses were soon blacklisted by big crypto firms to halt the movement of the funds.
Meir Dolev, CTO and co-founder of CyVers, said the crooks directly attacked the bridge’s MPC wallets.
“We were able to ‘see’ the transactions because of our AI-based behavioral analysis engine. Bridge attacks are growing in popularity; the Multichain attack is actually the second one in less than a week.”
CyVers says the Multichain incident is unusual on two counts.
1) The attackers were prepared. Two hours before it occurred, the hackers performed three test transactions of US$2 each to ensure they would avoid difficulties during the major hack.
2) The post-attack pattern was very different. Usually, hackers try to launder the money as quickly as possible by swapping it on decentralized and centralized exchanges (DEXs and CEXs). This time, the money has not moved for a few days; it is still sitting in the hackers’ addresses.
“Based on the lack of movement, we suspect it might be related to the arrest of the Multichain CEO in May by Chinese authorities, or maybe this is an insider attack, and he doesn’t know how to move forward,” said Deddy Lavid, CEO and co-founder of CyVers.
CyVers stated the obvious: the security of Web3 firms is still too lax, and with sophisticated actors out in the wild, robust security protocols are needed.