A person is using the Multichain Executor to “drain” tokens associated with the AnySwap bridging protocol, according to a July 10 report from on-chain sleuth and Twitter user Spreek. The report follows previous outflows of over $100 million from Multichain bridges that occurred on July 7, which were reported by the Multichain team as “abnormal.”
The Multichain Executor address has been draining anyToken addresses across many chains today and moving them all to a new EOA pic.twitter.com/gqDaXMBl96
— Spreek (@spreekaway) July 10, 2023
According to Spreek’s July 10 report, “The Multichain Executor address has been draining anyToken addresses across many chains today and moving them all to a new EOA [externally owned account].”
An image attached to the post shows Ethereum transaction 0x53ede4462d90978b992b0a88727de19afe4e96f0374aa1a221b8ff65fda5a6fe. Blockchain data reveals that this transaction called the “anySwapFeeTo” method on the Multichain Router: V4 contract, causing approximately $15,275.90 worth of anyDAI to be minted on Ethereum and sent to the Multichain Executor, who then burned it and exchanged it for the underlying DAI stablecoin backing the asset.
In a separate comment, Spreek said the funds are being sent to the following address: 0x1eed63efba5f81d95bfe37d82c8e736b974f477b. Ethereum blockchain data shows that this address received the redeemed DAI from the Multichain Executor on July 10, about five minutes after the previous transaction.
Data for BNB Smart Chain (BSC) shows that the Multichain Executor also called the anySwapFeeTo function on its network for $208,997 worth of anySwap US Dollar Coin (USDC). This resulted in $208,997 worth of the tokens being converted into their underlying Binance-Pegged USDC, which were subsequently sent to this same address. In other BSC transactions, the contract used this process to convert 50.80 anyBTC, worth $39,251.43 at the time, to equivalent Binance-Pegged Bitcoin (BTCB) and send it to this address.
The transactions add up to approximately $263,524.33 worth of tokens sent to this address through the anySwapFeeTo method.
Spreek said this behavior could be part of the normal functioning of the protocol. On the other hand, a different account had engaged in similar behavior the day before, they stated. The other account eventually sold the drained tokens, providing evidence that it was malicious:
“It is unclear whether this…
Click Here to Read the Full Original Article at Cointelegraph.com News…
