Hacked cross-chain protocol Multichain has confirmed some transactions, and its backlog of queued transactions has declined to only a single transaction, according to data from Multichain’s explorer tool. Blockchain data confirms that some of the transactions have been confirmed on the destination chain, while others show as confirmed in the Multichain explorer but not on the destination chain.
Browsers with the Metamask wallet extension currently show a warning when users attempt to view the Multichain explorer, due to the fact that the protocol has been hacked. However, it can be viewed with a browser that does not have a Web3 wallet installed. Cointelegraph does not recommend connecting to Multichain with a wallet app, and the site itself may also be unsafe.
The transactions appear to be coming from a small number of addresses, indicating that they may be an attempt by the attacker to move funds or else part of a recovery effort by the team. As of 9:30 pm UTC, only a single transaction is listed as pending on Multichain’s explorer.
According to the Multichain block explorer, transactions started confirming at approximately 9 am on November 1.
Some transactions have been confirmed on the destination chain. For example, a deposit of approximately 20 DAI was made from Ethereum to Avalanche, which was confirmed on Avalanche at 1:56 pm UTC. However, a deposit of 0.1 BTC that was made from Ethereum to Polygon at 2:44 shows as confirmed on the Multichain block explorer but has not been confirmed on Polygon.
Blockchain analytics platform Cyvers detected the resumption of transactions in the morning, and posted the info to X (formerly Twitter).
UPDATE On July 6th, @MultichainOrg faced a $126M hack! We have detected real time
But today exciting news! @MultichainOrg has resumed processing bridge transactions after 117 days of downtime.
Many bridge transactions successfully went through. ️ We’re closely… https://t.co/KoizCgXYeJ pic.twitter.com/Nw4muay5xE
— Cyvers Alerts (@CyversAlerts) November 1, 2023
Some of the sending accounts show multiple transactions on November 1, indicating that the sender was confidant that the protocol would work correctly.
This is a developing story, and further information will be added as it becomes available.