A recent series of transactions involving the Multichain Executor address has caught the attention of the cryptocurrency community, raising concerns about potential malicious activity. The address has been at the center of significant token movements associated with the AnySwap bridging protocol, leaving blockchain analysts puzzled about the motive and impact of these transactions.
According to a report by on-chain sleuth and Twitter user Spreek, the Multichain Executor address has been draining tokens connected to the AnySwap protocol across various blockchain networks. On July 10, the address utilized the “anySwapFeeTo” function, resulting in the creation of approximately $15,275.90 worth of anyDAI on the Ethereum network. These tokens were subsequently sent to the Multichain Executor, where they were burned and exchanged for the underlying DAI stablecoin.
The report suggests that an individual is exploiting the Multichain Executor to drain tokens associated with the AnySwap bridging protocol. Spreek further identifies an address, 0x1eed63efba5f81d95bfe37d82c8e736b974f477b, to which the redeemed DAI was sent. Notably, this address received the tokens only a few minutes after the previous transaction.
Data from the Binance Smart Chain (BSC) reveals that the Multichain Executor also employed the anySwapFeeTo function to convert $208,997 worth of anySwap US Dollar Coin (USDC) tokens into Binance-Pegged USDC. These tokens were subsequently transferred to the same address mentioned earlier. Additionally, the contract performed similar transactions with anyBTC, converting 50.80 tokens worth $39,251.43 into Binance-Pegged Bitcoin (BTCB) and sending them to the address.
In total, these transactions amount to approximately $263,524.33 worth of tokens being transferred to the aforementioned address through the anySwapFeeTo method.
While it remains uncertain whether these actions are authorized behavior within the protocol, Spreek highlights a similar occurrence the previous day involving a different account. In that case, the drained tokens were swiftly sold for Ethereum, indicating malicious intent.
The on-chain sleuth theorizes that the attacker may be exploiting the anySwapFeeTo function to set fees at arbitrarily high amounts, allowing them to drain users’ funds. This function appears to permit the address to choose the total value of the token held in anyToken.
The incident involving the Multichain Executor has left blockchain analysts perplexed, with no conclusive evidence to determine whether it resulted from an exploit or simply involves large token holders moving their funds between networks. The mystery unfolded on July 7 when over $100 million worth of tokens were withdrawn from the Ethereum side of Multichain’s Fantom, Moonriver, and Dogechain bridges and transferred to wallet addresses without any prior transactions. These withdrawals represented the majority of funds held on each bridge.
The Multichain team acknowledged the abnormal nature of these withdrawals and urged users to cease utilizing the protocol. However, the source and cause of this anomaly have yet to be officially disclosed.
On July 8, stablecoin issuers Circle and Tether froze certain addresses linked to the unusual transactions. Subsequently, blockchain analytics firm Chainanalysis stated that the incident appears more like a hack or rugpull rather than a migration.
In a concerning twist, the Multichain team has reported the disappearance of their CEO and the shutdown of some bridges due to a lack of access to certain multi-party computation network servers.
As investigations continue, the cryptocurrency community eagerly awaits further updates to shed light on the motives behind these suspicious transactions and the impact they may have on the Multichain ecosystem.
Get the latest Crypto & Blockchain News in your inbox.