Crypto Flash: Multichain Executor Drains AnySwap Tokens
According to a July 10 report from on-chain sleuth and Twitter user Spreek, the Multichain Executor is draining tokens associated with the AnySwap bridging protocol. This follows outflows of over $100 million from Multichain bridges that occurred on July 7, which were reported by the Multichain team as “abnormal.”
Spreek’s July 10 report states that “The Multichain Executor address has been draining anyToken addresses across many chains today and moving them all to a new EOA [externally owned account].” An image attached to the post shows a Ethereum transaction, which caused approximately $15,275.90 worth of anyDAI — a derivative version of the Dai (DAI) stablecoin — to be minted on Ethereum and sent to the Multichain Executor, who then burned it and exchanged it for the underlying DAI backing the asset.
In a separate comment, Spreek said the funds are being sent to the following address: 0x1eed63efba5f81d95bfe37d82c8e736b974f477b. Ethereum blockchain data shows that this address received the redeemed DAI from the Multichain Executor on July 10, about five minutes after the previous crypto flash transaction.
Crypto Transactions on BNB Smart Chain (BSC)
Data for BNB Smart Chain (BSC) reveals that the Multichain Executor has used the anySwapFeeTo function on its network for a value of $208,997 worth of anyUSDC. This resulted in the tokens being converted into Binance-Pegged USDC, which were sent to the same address. In other BSC transactions, the contract utilized the same process to convert 50.80 anyBTC, worth $39,251.43, to equivalent Binance-Pegged Bitcoin and send it to this address.
The transactions amount to around $263,524.33 worth of tokens sent to this address through the anySwapFeeTo method.
Spreek stated that this behavior might be part of the normal functioning of the protocol. However, the day before, a different account had engaged in similar activity, Spreek mentioned. The other account eventually sold the drained tokens, providing evidence that it was malicious:
The crypto sleuth theorized that the attacker might be using the anySwapFeeTo function to set fees to an excessively high amount, enabling them to drain users’ funds. This function “[a]pparently allows ANY value to be set, so the address is simply choosing the total value of the token held in that anyToken,” Spreek said.
The Multichain Incident: A Mystery in the Crypto World
The crypto world has been baffled by the Multichain incident, as no one has been able to prove whether it was caused by an exploit or simply by large tokenholders moving their funds between networks. On July 7, over $100 million worth of tokens were withdrawn from the Ethereum side of Multichain’s Fantom, Moonriver and Dogechain bridges and sent to wallet addresses with no previous transactions. These withdrawals represented the majority of funds held on each bridge.
The Multichain team declared that the withdrawals were “abnormal” and told users to stop using the protocol. Yet, the team did not reveal the source of the anomaly.
On July 8, Circle and Tether, two major stablecoin issuers, froze some of the addresses that received funds connected to the strange transactions. On July 11, Chainanalysis, a blockchain analytics firm, stated that the incident “looks more like a hack or rugpull and less like a migration.”
The Multichain team has reported that their CEO is missing and that they’ve closed some bridges due to no longer having access to some of the network’s multi-party computation network servers.
Collect this article as an NFT to demonstrate your support for independent journalism in the crypto space and preserve this moment in history with luna crypto latest, todays crypto, big eyes crypto and ankr crypto.
Subscribe to our email newsletter to get the latest posts delivered right to your email.