This article is more than three months old

Singapore court ruling fans suspicions the $125m Multichain hack was an inside job

Singapore court ruling fans suspicions the $125m Multichain hack was an inside job
DeFi
Michael Kong of the Fantom Foundation has been trying to get to the bottom of the Multichain hack for months. Credit: Darren Joseph
  • Fantom Foundation head Michael Kong has long had doubts about Multichain's story.
  • A Singapore judge ordered Multichain to pay $2.2 million to Fantom.
  • Reported arrests in China cloud picture on where the money went.

When Multichain shut down last summer after an apparent hack of $125 million worth of crypto, Michael Kong dismissed speculation it was an inside job.

As the CEO of the Fantom Foundation, Kong was dismayed as his project got burned when all that crypto was mysteriously transferred to “unknown addresses abnormally.”

But Kong couldn’t get around the idea that Multichain had a thriving business. Why ruin it?

Kong isn’t so sure anymore.

In an interview earlier this year, Kong said he can’t rule out that someone affiliated with Multichain made off with the money. “My view has kind of changed a little bit,” he told DL News. “I was a little bit too trusting of what Multichain was saying to us.”

Now a court ruling appears to give Kong’s suspicions credence.

On July 8, Judicial Commissioner Mohamed Faizal of Singapore’s High Court ruled that Multichain owes the Fantom Foundation, the organisation that manages the Fantom blockchain, $2.2 million.

A court ruling

Fantom, once a top five blockchain with almost $8 billion locked in its DeFi ecosystem, now sits just inside the top 50. As of Tuesday, DeFi applications on Fantom managed a combined $129 million, a little more than half the figure pre-hack.

Join the community to get our latest stories and updates

On the eve of last year’s exploit, much of the crypto in Fantom’s DeFi ecosystem had come via Multichain, a “bridge” that lets users move digital assets between otherwise incompatible blockchains.

The total value of crypto in Fantom's myriad DeFi applications plummeted after the Multichain incident.

“[Fantom’s] position is that the breach was possible because the CEO of [Multichain] had ultimate privileges and control over the cryptocurrency assets stored in the Multichain Bridge,” Faizal wrote in his decision.

This contravened the company’s user agreement, the judge said.

The ruling could pave the way for the appointment of a third-party liquidator and the eventual return of the stolen tokens, according to the Fantom Foundation.

Faizal also noted that Fantom believes “siphoned assets” could have been “illegally diverted” from one Multichain entity to another.

Yet the judge hastened to add that this allegation was not within the scope of the legal matter before him.

$1.8 billion lost

The court action casts a bit more light on an episode that unfolded during a spate of exploits a couple of years ago.

In 2022, bridges lost $1.8 billion to hacks, a figure that accounted for more than half the value of crypto stolen from DeFi protocols that year.

A Multichain representative could not be reached for comment. The company has not defended itself at any stage in Fantom’s lawsuit in Singapore, which began in 2023.

A person familiar with the inner workings of Multichain told DL News the company’s team didn’t plan an inside job.

“The truth will be known when the police make the case public,” said the person, who requested anonymity out of concern for their family in China.

‘It’s conceivable that someone targeted the Multichain CEO from a police force and said, ‘Hey, he has money.’’

—  Michael Kong, Fantom Foundation

Kong maintains former Multichain employees have been “entirely uncooperative.”

Multichain is a “bridge” that lets users move digital assets between otherwise incompatible blockchains. Users on blockchain A can deposit crypto in Multichain, which will issue IOU tokens on blockchain B, where they can be used as if they were the real thing.

Arrests in China

In May 2023, founder and CEO Zhaojun He was arrested by police in the south China city of Kunming, according to a statement the company made after the hack.

Despite the team’s efforts to keep the bridge running after Zhaojun’s disappearance, Multichain suffered an apparent hack on July 7, 2023, when $125 million in crypto was transferred to “unknown addresses abnormally,” the company said.

Two days later, Zhaojun’s sister tried to save what was left, according to the company. She transferred much of the remaining crypto to wallets she controlled, only to also be taken into custody on July 13.

Out of money and unable to contact the CEO or his sister, Multichain said it would shut down and share information as it became available.

To some, the case became a cautionary tale about a failure in operational security and running a business in a crypto-hostile police state.

Others, without evidence, suggested in a “Multichain scam” Telegram group chat sporting more than 500 members that Zhaojun and his sister made off with the missing crypto.

At the time, Kong said Multichain might have been the victim of a shakedown by local police. He said employees told him some of their colleagues had been arrested.

Fantom investigates

One former employee, who goes by Marcel, told DL News at least five had been detained, although this couldn’t be independently verified.

“It’s conceivable that someone targeted the Multichain CEO from a police force and said, ‘Hey, he has money, he’s quite well known in the space. Let’s target him,’” Kong told DL News last summer. “That’s what I think could be going on.”

But evidence that’s come out since has changed the picture.

The Fantom Foundation, which hired a Hong Kong law firm called King & Wood Mallesons to investigate the situation, was able to confirm Zhaojun was indeed arrested, Kong told DL News.

Police custody

While Zhaojun is likely still awaiting charges, his Multichain colleagues were more fortunate.

“Our understanding is that some were detained and had been released,” he said. “But we have had no contact with them for months as Multichain and its former team members have been entirely uncooperative.”

A mysterious arbitrage

In November, the Multichain bridge opened for about two hours, allowing a user to take advantage of a $1 million arbitrage opportunity. The profits were then transferred to Binance, the world’s largest crypto exchange.

So who was behind the move? “We believe it to be someone (or some individuals) from Multichain’s former team,” Kong told DL News this week.

Earlier this year, he said it’s doubtful the police moved funds because they would have probably used a different method.

The possibility of Multichain’s involvement came up in court.

In his ruling, Faizal noted the Fantom Foundation had taken two entities to court: Multichain Foundation Ltd, which ran the crypto bridge, and Multichain Pte Ltd.

That’s because of the “sudden incorporation” of Multichain Pte Ltd “just before the security breach on 7 July” and the foundation’s “belief that the siphoned assets could have been illegally diverted” to the entity, Faizal wrote.

But the commissioner made clear that allegation was outside the scope of his decision.

“I am not making any finding on the merits of these assertions of the involvement of [Multichain Foundation] and [Multichain Pte],” he wrote. “The merits of these assertions are not before me.”

In any event, the Fantom Foundation has yet to land on a definitive answer as to what happened.

“We are still not exactly sure,” Kong said. “Some of the [crypto] movements have been puzzling.”

Aleks Gilbert is DL News’ New York-based DeFi correspondent. Have a tip? You can reach him at aleks@dlnews.com.

Related Topics