TechFlow news, NewFire Technologies researcher 0xLoki tweeted that Multichain appears to have lost full control due to certain irresistible factors, rather than being simply attacked.
The abnormal fund movements on Multichain exhibit four characteristics:
1. The asset transfers have been ongoing for a long duration, indicating the mover is not in a rush;
2. A small 2 USDC test transfer preceded the main transfers, suggesting the mover has sustained transfer capability;
3. Each asset was moved to separate wallets, with no subsequent actions (such as transferring to exchanges, swaps, or mixing services);
4. The receiving wallets are completely clean, lacking even gas fees.
From this, we can infer:
1. The mover has ample time; considering the technical nature of MPC, it's likely they have fully obtained control over more than the threshold number of private key shards;
2. The 'attack method' is extremely simple—just basic transfer operations without any contracts, and including testing steps—indicating the actor is unlikely to be a typical hacker;
3. The mover has not taken further actions to dispose of or liquidate the assets, suggesting the operator may lack absolute decision-making authority.
0xLoki believes that assets under Multichain’s MPC multisig control are now out of control. Correspondingly, holders who possess other threshold-level MPC or multisig shards should immediately assess their risk exposure related to all Multichain contracts and cross-chain assets. Next, attention should be paid to what the receiving addresses will do.
In addition, 0xLoki stated that MPC itself isn't flawed, but having a single individual hold more than the threshold number of shards while located in a jurisdiction where cryptocurrency activities are banned or unprotected—is problematic.




