Current finds on the @MultichainOrg hack:
It appears that activity has stopped. However, with multiple bridges all being drained, this looks more like a hack or rugpull and less like a migration.
Please do not use and revoke all permission related to Multichain.
Timeline:… https://t.co/EFeo4DH3yV
Blockchain security firm SlowMist commented, “The activity seems to have ceased. However, considering multiple bridges have been drained, it appears more like a hack or a rugpull rather than a migration.”
SlowMist pointed out the initial suspicious transaction, which occurred at 4:21 pm UTC, where a mere $2 in USDC was withdrawn from the Multichain Fantom bridge. Two hours following this, the alleged hacker extracted $31 million WBTC, and an hour later, began draining the Multichain Moonriver bridge and the Multichain Dogechain bridge.
Blockchain security firm Certik, which had audited Multichain twice without identifying any critical issues with its codebase, stated, “This exploit seems to be the consequence of a private key compromise, and as such, it falls outside the purview of the audits we conducted.”