Tracking of Multichain theft, abnormal asset outflows, etc.

ChainCatcher message, the Fantom ecosystem project SpiritSwap announced within the community that due to the Multichain incident leading to financial exhaustion, the project no longer has funds to support daily operations.Currently, SpiritSwap is looking for a new team to take over the project. If no potential team is found, SpiritSwap will cease operations on September 1, and users need to withdraw their liquidity before that date.

ChainCatcher message, the Multichain team stated that Multichain CEO Zhao Jun was taken away by the police from his home on May 12 this year and has since lost contact with the Multichain team. After contacting the MPC node operators, the team learned that the project party's operational access keys to the MPC node servers had been revoked. These MPC node servers are actually running under Zhao Jun's personal cloud server account, and no team member has access to Zhao Jun's personal cloud server account, so no one can log into these MPC servers.After the project party's special team contacted Zhao Jun's family, they learned that all of Zhao Jun's computers, mobile phones, hardware wallets, and mnemonic phrases had been confiscated by the police. Since the project's launch, all operational funds and investors' investments have been controlled by Zhao Jun. Currently, all of the team's funds and server access rights are in the hands of Zhao Jun and the police.Due to the lack of information related to the case, the team can only maintain the project's operation through the remaining access rights on some non-MPC servers that have not yet been revoked. Based on legal advice, the team chose to cooperate with Zhao Jun's family's requests as much as possible and comply with local laws and regulations, not disclosing unauthorized case information to the public.On May 30, in a responsible attitude towards the community, the team released the news of Zhao Jun's disappearance and informed the community of the technical issues currently faced.On June 4, Zhao Jun's family successfully logged into the cloud server platform using historical information from their home computer. However, Zhao Jun's family only allowed the Multichain team engineers physical access to the home computer to fix the technical issues with Router2 and Router5.During this period, Zhao Jun's family and lawyer have been communicating with the police. The team has not been informed of the details of the case but learned that Zhao Jun is about to be released and has been asked to continue maintaining the system and wait for further news. The Multichain protocol continues to operate as designed. The team is doing its best to maintain the operation of the Multichain protocol and resolve user issues with limited resources.On July 7, user assets locked in the MPC address were unusually transferred to an unknown address. According to Zhao Jun's sister, login information from a Kunming IP address was found on the cloud server platform, along with a series of operations transferring funds from the MPC address.On July 9, Zhao Jun's sister transferred the remaining user assets from the router pool and subsequently notified the team and several project parties about this asset preservation action. The funds were transferred to an EOA address controlled by Zhao Jun's sister.· 0x1eed63efba5f81d95bfe37d82c8e736b974f477b· 0x6b6314f4f07c974600d872182dcde092c480e57bOn July 13, according to information provided by Zhao Jun's family, the police have detained Zhao Jun's sister. Now, Zhao Jun's sister has also lost contact. The status of the assets she has preserved is uncertain, so the team believes it is necessary to inform the community of all known circumstances.Due to the lack of alternative information sources and corresponding operational funds, the team is forced to cease operations. If there are any further notifications and developments, the team will update the community accordingly. The Multichain team does not have access to the domain account to redirect or shut down the front end at http://multichain.org. Please help spread the word and ask users not to use Multichain services anymore. (Source link)

ChainCatcher news, according to SlowMist monitoring, since July 7, the total amount of funds flowing out from Multichain has reached 265 million USD, distributed across Ethereum, BNB Chain, Polygon, Avalanche, Arbitrum, Optimism, Fantom, Cronos, and Moonbeam chains. Among them, 65.82 million USD has been frozen by Circle and Tether, and 1,296,990.99 ICE (approximately 1.62 million USD) has been burned by the token issuer.The outflowing funds include: 1) USDT transferred from Multichain: Old BSC Bridge; 2) USDC, DAI, LINK, UNIDX, USDT, WOO, ICE, CRV, YFI, TUSD, WETH, WBTC transferred from Multichain: Fantom Bridge; 3) BIFI transferred from Anyswap: Bridge Fantom; 4) USDC, USDT, DAI, WBTC transferred from Multichain: Moonriver Bridge; 5) USDC transferred from MultiChain: Doge Bridge; 6) DAI, USDC, BTCB, WBTC, WETH, Dai.e, WBTC.e, Bridged USDC, BTC, fUSDT, ETH, etc. transferred from Multichain: Executor; 7) WBTC, USDT, ETH transferred from 0xe1910...49c53, which is marked by Etherscan as Fake_Phishing183873. Meanwhile, SlowMist believes that this marking (Fake Phishing183873) may be a false label on Etherscan, and the address may have previously belonged to the official Multichain account.

The locked assets on the Multichain MPC address have been unusually moved to an unknown wallet. The team is unsure what happened and is currently investigating.

According to ChainCatcher news, the Fantom Foundation announced via their official Twitter that FTM has never been issued or managed by Multichain, therefore wFTM, FTM ERC-20, and FTM on Opera are not affected. (Source link)

ChainCatcher message, Binance CEO Zhao Changpeng tweeted that the hacker attack encountered by Multichain will not affect Binance users or Binance itself. Binance had already redeemed all assets and closed the deposit function some time ago. At the same time, he stated that Binance is willing to provide assistance to resolve this situation. (Source link)

ChainCatcher news, according to monitoring by 0xScope, due to the Multichain vulnerability incident, MIM has become unpegged, and the current trading price of this token on Fantom is approximately $1.25. (source link)

According to ChainCatcher news, Multichain announced on their official Twitter that current services have been halted, and all bridging transactions will be stuck on the source chain. There is no confirmed time for recovery yet, so please refrain from using the Multichain bridging service for the time being. (Source link)