Multichain revealed on Friday that CEO Zhaojun and his sister were responsible for the unauthorized withdrawals of over $130 million last week.
The team disclosed that Zhaojun had been detained by Chinese police on May 21 and had been unresponsive ever since.
Multichain's protocol has a multi-party computation (MPC) system, similar to a multi-signature wallet. Multichain said these MPC node servers were operated under Zhaojun’s personal cloud server, meaning access was limited to him alone.
Moreover, authorities confiscated all of his devices, including computers, phones, hardware wallets and recovery phrases.
“This also means that all the team’s funds and access to the servers are with Zhaojun and the police,” they said.
1. On May 21, 2023, Multichain CEO Zhaojun was taken away by the Chinese police from his home and has been out of contact with the global Multichain team ever since. The team contacted the MPC node operators and learned that their operational access keys to MPC node servers had…
— Multichain (Previously Anyswap) (@MultichainOrg) July 14, 2023
Following Zhaojun’s arrest, his family is believed to have accessed the cloud server platform using information from his home computer.
However, the family granted Multichain’s engineers limited access solely to address specific router-related technical issues, the team said.
IP address linked to fund transfers originating from Chinese city Kunming
In the aftermath of the unauthorized transfers on July 7, Zhaojun’s sister discovered login details originating from an IP address in Kunming, a city located in China’s Yunnan province. She also came across a sequence of transactions involving the transfer of funds from the MPC addresses.
After the withdrawals, she moved the remaining user assets to externally owned addresses and notified the team. Subsequently, she too was detained by law enforcement authorities, according to the Multichain team.
Multichain shuts down services, looks to take down website
The team said it has faced challenges in maintaining operations due to limited access to non-MPC servers and legal advice to cooperate with the demands of Zhaojun’s family.
With a lack of alternative sources of information and the inability to bring down their website, Multichain said it has been forced to shut down operations. It has asked domain registrar GoDaddy to help bring the website down.
The exploit affected multiple tokens, including wrapped bitcoin, USDC, DAI, and LINK.
Chainalysis suspected that the exploit may have been an inside job, which appears prima facie correct, although the extenuating circumstances remain unknown.
Multichain’s native token MULTI has plunged over 40% since news of its difficulties emerged.
Zhaojun’s arrest in May coincided with the reported detention of staff at Trust Reserve, a yuan-backed stablecoin issuer. Trust Reserve’s offices were found empty with a notice of judicial seizure.