Cross-chain protocol Multichain was seemingly exploited last week, losing around $126 million worth of assets, according to blockchain security firms’ estimates. At the time, the team disclosed they were unsure of what had caused the abnormal outflows, urging users to revoke all contract approvals to the protocol.

On July 10, on-chain sleuth Spreek highlighted a series of suspicious transactions from the Multichain executor address, which had beendraining anyToken addresses across many chains…and moving them all to a new EOA [externally owned account].”

Independent reporter Wu Blockchain found that Multichain had recorded another $117 million worth of outflows that had been transferred to a new address “0x1eed63efba5f81d95bfe37d82c8e736b974f477b.”

According to the address profile on wallet tracker DeBank, the amount of tokens held at this address is now valued at $106 million.

In a report summarizing the exploit published earlier this week, blockchain analytics firm Chainalysis noted that the Multichain attacker would have needed to gain control of a sufficient number of the protocol’s multi-party computation (MPC) keys in order to carry out the hack.

“It’s also interesting that the attacker did not swap out of centrally controlled assets like USDC, which can be frozen by the issuing company,” wrote the Chainalysis team. 

Indeed, stablecoin issuers Circle and Tether froze around $65 million worth of funds related to the Multichain exploit.

Web3 security firm Beosin speculated that, based on the on-chain behaviour of the Multichain exploiter, it was highly likely that the exploit was the result of an internal operation.