In one of the cyber biggest hacks of the year, more than $126 million was stolen from the cross-chain router protocol Multichain.
The AI-based CyVers platform detected the bridge exploit on Thursday, July 6, and the team immediately notified Multichain and the Web3 community to ensure that action could be taken to minimize the potential for additional losses.
The Multichain team confirmed the assets were moved to an unauthorized address. However, they are still uncertain about the exact nature of the incident and have recommended that users suspend all services. CyVers suspects the exploit could be a hack, rug pull, or an insider job involving a compromised private key.
Following the incident, Circle and Tether swiftly blacklisted addresses holding $67.5 million in stolen Multichain assets. With operations temporarily halted and concerns arising about leadership absence and centralization, Multichain is under intense scrutiny
The CyVers platform was also the first to discover the PolyNetwork bridge hack on July 1.
Beyond being a bridge attack, the Multichain incident is unusual on two counts. 1) They were prepared. Two hours before it occurred, the hackers performed three test transactions of US$2 each to ensure they would avoid difficulties during the major hack. 2) The post-attack pattern was very different. Usually, hackers try to launder the money as quickly as possible by swapping it into DEX and CEX (as we saw in PolyNetwork case). This time, the money has not moved for a few days; it is still on the hackers’ addresses.
The $126M hack is the second biggest cyber-attack this year and a stark reminder of insufficiencies in Web3 security. With increasingly sophisticated hacks, more proactive, robust security is necessary to deal with the complexities and novel challenges of the Web3 environment.
CyVers identifies and mitigates such security threats by analyzing network behaviors in the blockchain transaction space. The platform collects cross-blockchain data and applies AI-based geometric anomaly detection to identify topological outliers and swiftly detect emerging threats, including smart contract exploits and private key leakage. This enables stakeholders to respond quickly and implement effective countermeasures against exploitation and money laundering.
Meir Dolev, CTO and co-founder of CyVers
Instead of creating a malicious contract, the threat actors directly attacked the bridge’s MPC wallets, the critical point of transaction flows. We were able to ‘see’ the transactions because of our AI-based behavioral analysis engine. Bridge attacks are growing in popularity; the Multichain attack is actually the second one in less than a week.
Deddy Lavid, CEO and co-founder of CyVers
Based on the lack of movement, we suspect it might be related to the arrest of the Multichain CEO in May by Chinese authorities, or maybe this is an insider attack, and he doesn’t know how to move forward,
