Over $125 Million of users’ funds was stolen from the cross-chain router protocol Multichain (previously AnySwap) on July 6 to what appears a hack or a rug pull by insiders leaving users confused about the whole thing. So far, Multichain’s recent exploit is one of the biggest crypto hacks on record.

The team confirmed that the assets were moved to an unauthorized address but they are still uncertain about the exact origin of the incident. They have also recommended that users suspend all services while investigating the issue.

CyVers, an AI-based security platform detected the bridge exploit and immediately notified Multichain and the Web3 community to make sure that action will be taken to minimize further loss. However, CyVers suspects that the exploit could be a hack, rug pull, or an insider job involving a compromised private key. In this case, Multichain is now under intense scrutiny.

Following the exploit, Circle and Tether blacklisted addresses holding $67.5 million of the stolen Multichain funds.

The assets taken from the protocol include wETH, wBTC, and USDC. In addition, the attacker got $666,000 from the Dogecoin bridge — resulting in a loss of 85% of total deposits — and $6.8 million from the Moon River bridge.

Nevertheless, the Multichain attack is unusual on two factors; First, they are prepared. Two hours before the attack, the hackers performed three test transactions of $2 each to ensure that they’ll avoid difficulties before their major attack. Second, the post-attack was different as the hackers did not launder the money right away, instead, the money stayed at the addresses for a few days.

Initially, Multichain announced on Twitter that they will begin the investigation and urged users to pause transactions. However, the team later announced that the protocol would indefinitely cease its service.