Multichain Protocol Faces Compromise

Transactions from a limited number of addresses suggest an attacker's fund movement or a recovery effort by the team.

Multichain, the compromised cross-chain protocol, has confirmed some transactions, and its backlog of queued transactions has declined to a single transaction, according to data from Multichain’s explorer utility.

Some transactions have been confirmed on the destination chain, while others appear confirmed in the Multichain Explorer but have not been confirmed on the destination chain.

Caption: Multichain confirmations on November 11, 2023.

Because the protocol has been compromised, browsers with the MetaMask wallet extension display a warning when users attempt to view the Multichain Explorer.

However, it can be viewed with a browser that lacks a Web3 wallet extension. The transactions appear to be coming from a limited number of addresses, indicating that they may be an attempt by the attacker to move funds or else part of a recovery effort by the team.

As of 21:30 UTC, there is only one pending transaction listed on the Multichain Explorer. According to the Multichain Block Explorer, transactions began to confirm on November 1 at approximately 9:00 a.m.

Some transactions on the destination chain have been confirmed. For example, a transaction of approximately 20 DAI from Ethereum to Avalanche was confirmed at 1:56 p.m. UTC on Avalanche. A deposit of 0.1 BTC from Ethereum to Polygon at 2:44 UTC is confirmed on the Multichain block explorer, but not on Polygon.

The blockchain analytics platform Cyvers detected the resumption of transactions in the morning and shared the information on X (previously Twitter).

Caption: A single account on Ethereum making multiple deposits to Multichain on November 1. Source: Etherscan

Some of the sending accounts show multiple transactions on November 1, indicating that the sender was confident that the protocol would function correctly.