Image: Traxer via Unsplash

More than $125 million taken from crypto platform Multichain

The crypto platform Multichain has suspended its services as it investigates claims that more than $125 million in cryptocurrency was stolen.

Founded in 2020, Multichain operates as a provider of cross-chain services, allowing crypto users to transfer funds across different blockchains. The company called itself a “leader in terms of security, cross-chain speed and costs” that “interconnects multiple chains.”

Thursday evening, the company said some of the platform’s assets “have been moved to an unknown address abnormally.”

“The team is not sure what happened and is currently investigating. It is recommended that all users suspend the use of Multichain services and revoke all contract approvals related to Multichain,” it said.

Hours later, the company said all service had been stopped and noted that any bridge transactions in progress will be stuck on the source chains.

By Friday morning, the company posted a message on its website apologizing and confirming that they had been hacked.

“We are sorry. We are refunding Everyone. We got recently hacked and many user funds were taken with it. As a responsible company, Multichain is going to personally refund all lost user funds,” they said.

“All users are suggested to claim their refund and revoke app approvals to Multichain immediately. A temporary compensation disbursement has been allocated due to the negative market [sentiment].”

Researchers at several blockchain security companies said that the losses were about $126 million. Security firm PeckShield confirmed that the hackers stole millions worth of U.S. dollar-pegged coins like USDT and USDT, as well as ETH, Bitcoin and more.

Rumors arose that the cyberattack was the work of a white-hat hacker but as of Friday afternoon, it is unclear whether those assertions are accurate.

Multichain has been facing a variety of problems since May, when it told the public that it was experiencing “multiple issues due to unforeseeable circumstances.

“The team has done everything possible to maintain the protocol running, but we are currently unable to contact CEO Zhaojun and obtain the necessary server access for maintenance,” the company said on May 31.

The company listed several other technical issues that they were struggling to address because they were “beyond the team's current permissions and ability.”

Despite those concerns, the platform continued to run until the most recent incident. Binance CEO Changpeng Zhao said on Twitter that this was another in a series of hacks affecting Multichain but said it had no effect on Binance.

“This DOES NOT affect users on Binance or Binance itself. We have swapped all assets out and closed deposits a while back. Regardless, we offer our assistance in helping with the situation,” he said.

Cross-chain bridges like Multichain continue to be a ripe target for hackers in 2023 after billions were stolen throughout 2022.

PeckShield said $1.92 billion associated with cross-chain bridges has been stolen in the last 3 years.

The largest thefts so far have been more than $600 million taken from Ronin Network in 2022 and Poly Network in 2021. The Wormhole Bridge was robbed of $320 million while Nomad Bridge and Horizon Bridge lost more than $100 million.

Several of the attacks were attributed to notorious North Korean APT group Lazarus — with the funds stolen allegedly serving as one of the country’s biggest funding sources for its nuclear program.

Lazarus is believed to have stolen over $2 billion in digital assets from crypto exchanges and decentralized finance services, according to blockchain researchers at Elliptic.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.