Multichain victims search for answers in .5B exploit as new evidence emerges

On July 14, the developers of Multichain, a $1.5 billion Chinese cross-chain protocol, confirmed users’ worst fears. The deal’s chief executive, known only as “Zhaojun He,” was arrested by Chinese authorities in Kunming on May 21 after months of repeated denials by official communication channels. Also allegedly arrested was the Shanghai-based core team of Multichain.

It was never revealed why Zhaojun was arrested or what the charges were. However, there is evidence that Multichain funds may have been seized as part of an anti-money laundering operation amid an intensified crackdown on cryptocurrencies by Chinese authorities. Additionally, the CEO’s alleged use of fake IDs to register Multichain’s operations only caused more problems.

Multichain co-founder Alfred Xu assures the development team is doing a “good job” on May 24 | Source: Telegram

victims demand answers

even though they were before ensure In terms of decentralization, the Multichain team revealed that the protocol’s multi-party computing servers and private keys are all under the exclusive control of Zhaojun and have been handed over to the police. Without access to the projects, the protocol had to shut down, and its team members were nowhere to be found.

As of the July 14 disclosure, the $1.5 billion in total value locked on the multi-chain bridge remained inaccessible.an artThe mpt, which “rescued” users’ assets earlier that month, also led to the arrest of Zhaojun’s sister, the development team said. Since the arrests began, funds on multiple chains have been mysteriously swapped or bridged to unidentified wallets.

Cryptocurrency investor ArkRide formed a victims group shortly after claiming he had more than $9,000 stranded in the Multichain protocol. The group now has more than 300 members.

ArkRide told Cointelegraph that when the group was formed, members didn’t even know the names of key Multichain executives. Subsequently, a member shared a document from the Singapore government’s Accounting and Corporate Regulatory Authority, purportedly a multi-chain business filing. The filing lists “He Xiaokun,” a resident of China’s Jiangsu province, as a “director” of the company. After seeing this document, some people claimed that “He Zhaojun” was actually a pseudonym of “He Xiaokun”. (Chinese surname first.)

Singapore corporate filing of the main business entity behind Multichain. Source: Telegram

Several multi-chain victims contacted the Chinese embassy and police in their home countries in an attempt to obtain more information, but received no response.

Around the same time as the user investigation, they were contacted by the Fantom Foundation, one of the largest users of the multi-chain bridge before it collapsed. Through several Telegram messages, Fantom sources said the company has hired lawyers in China to assist in the recovery process and confirmed that Multichain co-founder Zhao Jun has been detained by Chinese police.

“We have been collecting information from different parties and contacted a Chinese law firm for advice on the next step,” the source also claimed that some multi-chain funds have been frozen by centralized exchanges and stablecoin issuers, and the foundation is working on Attempts to distribute these funds to victims. Asked about the possibility of pulling the rug, the source wrote: “I don’t believe the MC team misappropriated funds.”

On July 14, Fantom co-founder Andre Cronje said that “multi-chain is a huge blow to the network” because most of its total value locked is composed of multi-chain derivative stablecoins. Stablecoin issuers Circle and Tether have frozen over $65 million in assets related to the hack, according to blockchain data.

Cointelegraph reached out to the Fantom Foundation for comment, but had not heard back by press time.

In a conversation with Cointelegraph, freelance content creator PJ Krypto claimed that he lost an entire month’s salary from his clients due to funds being trapped in the multi-chain protocol. According to him, this happened on August 1, nearly a month after the team announced that the protocol should not be used.

Multichain’s user interface does not issue warnings that it should not be used. (August 23, 2023)

After the transfer took an unusually long time, PJ checked Multichain’s block explorer and found an unusually high number of pending transactions. Shocked, he then checked the agreement’s social media accounts.

“My jaw almost dropped to the floor when I started reading everything,” he said, continuing:

“I don’t know, I guess, sometimes, you just feel a little bit more comfortable. You’ve used something before, and it worked. You get a little slacker, and I think that’s where I suffer (…) Stupid Yes, I could have sent it to a centralized exchange.”

The content creator stated that his salary is still stuck in the multi-chain protocol. As a result, he was unable to pay the team for subcontracted work done for him in July, and would likely have to pay those payments from his August earnings. “It’s a tough pill for them to swallow. I mean, they have bills, right? I’m now in arrears on content creation.”

On July 15, ArkRide lost over $9,000 worth of cryptocurrency in Multichain under similar circumstances. He expressed relief that the damage from the hack was minimal, and said he’s met others in worse situations:

“The amount of money I’ve lost on Multichain is not as much as some people I’ve talked to have lost close to half a million. Get up out of bed and they tell me they want to kill themselves or something like that.”

investigation continues

China’s national ID system reveals information about who are Multichain’s actual directors. The Chinese National Identity Card is a 15- or 18-digit number that contains an individual’s jurisdiction of residence, date of birth, and gender.

The query shows that the individual “He Xiaokun” listed in Multichain’s Singapore registration documents was born on May 10, 1955. The same search for “Yang Qiumei,” another director listed on Multichain’s registration documents, revealed that the person was born on July 20, 1957. Multichain’s third director Ruduo Xu (possibly referring to co-founder Alfred Xu) registered with a different type of ID. Alfred Xu has not been able to be reached since his colleague was arrested.

The ID search query shows that the individual “He Xiaokun” on the multi-chain director list is 68 years old and lives in a village in Jiangsu. Source: ID Search

Both men were shown to live at the same address in rural China. After the news was released, sources contacted Cointelegraph to confirm that “He Xiaokun” and “Yang Qiumei” are the parents of Multichain CEO He Zhaojun.The CEO’s name was also confirmed in a statement in 2019 Locationt.

A photo of Zhao Jun circulated during his participation in the cryptocurrency project Fusion around 2017, and was previously the profile picture of his official Twitter account.Dejun Qian Fusion Co-Founder comfirmed At the time of the incident, Zhaojun was in charge of Multichain. The two had previously been involved in a commercial dispute over Multichain, which at the time was formerly known as Anyswap.

Zhaojun He as list On the development team at Fusion. His biography reads: “MHas more than 10 years of experience in secure Linux research and development. He used to be the technical director of China’s leading security operating system. Received a bachelor’s degree in software engineering from Dalian University of Technology. ” Source: Fusion

According to sources reviewed by Cointelegraph, from the very beginning (May 21), Chinese authorities accused Zhaojun of “money laundering” by bridging users’ tainted assets through a multi-chain protocol. As such, the police attempt to seize all protocol assets, whether users, businesses, or tainted assets, as proceeds of crime. While some of the funds were seized after centralized exchanges or stablecoin issuers froze the funds, the rest were transferred to Chinese authorities, these sources said.

Liang Wuwei, former employee of cryptocurrency exchange CoinXP, claim In 2019, the company’s entire development team was arrested by the Chinese police, the agreement funds were confiscated and all related businesses were shut down. Liang Liang, the company’s chief executive, was subsequently accused of operating a “multi-level marketing operation” and a “pyramid scheme,” which, if convicted, could lead to the criminal seizure of project users and business assets.

During the trial in July, some sources said key witnesses and defense lawyers were subjected to legal intimidation. A presiding judge also reportedly said that “presumption of innocence until proven guilty” is “not a correct principle” in Chinese law. The trial has been adjourned.

CoinXP Trial Participants Allegedly Arrested by Police | Source: Liang Liang

In a similar incident on May 29, Chinese cryptocurrency exchange BKEX suspended withdrawals, citing “money laundering” charges and needing to cooperate with the police. The exchange has since been inactive, and like Multichain, its team members are also missing. Social channels have also gone cold. Its website is also offline.

Cryptocurrency exchange BKEX’s last message to users before withdrawals are halted.

In another incident, the entire development team of offshore Hong Kong dollar and yuan stablecoin issuer Trust Reserve disappeared in May after its offices were raided by police. Local sources said the Trust Reserve developer had been detained. Again, the charges are unknown.

corruption allegations

In each case, the police failed to inform investors of the charges against the protocol developers, or of the procedures available to investors to recover their funds. CoinXP’s Liang claims this is because the police are exploiting the legal system as a means of corruption embezzle Investors commit capital for their own benefit:

“Defense attorneys would persuade the client and his family (the arrested crypto executive) to comply, shut down the server, hand over the (private) keys, and cooperate in a guilty plea, claiming that this would lead to leniency. Little did they know, this made law enforcement It is easy to profit from illegal behavior, “legally” put the parties in jail, and “legally” take away the digital assets belonging to users, investors, and founders of the team.”

For whatever reason, the Chinese government has yet to answer investors’ questions about where the funds went and why they were not returned to users.

Users in “multi-chain scam” groups like ArkRide, PJ Krypto, and others have so far been unable to get answers to where their hard-earned money has gone. But one thing is for sure: the multi-chain breach will be one of the worst cryptocurrency hacks of 2023. All over the world, the assets of multi-chain users have mysteriously disappeared. While some of the funds may be recovered, many people still bear the trauma of the resulting.

Cointelegraph editor Zhiyuan Sun contributed to this report.

Update 23 Aug 2023 19:25 UTC: This article has been updated based on reader reports to confirm that two of the directors registered in Multichain’s Singapore filings are in fact the parents of CEO Ho Siu Jun.

Magazine: Should we ban ransomware payments?It’s an attractive but dangerous idea