In a recent social media announcement on July 14, the development team of Geist Finance, a lending protocol, confirmed its permanent closure. This is due to losses resulting from the Multichain exploit.
This decision comes after Geist contracts were temporarily paused on July 6 and then resumed only for withdrawals and repayments on July 9. The team has now made it clear that there are no plans to reopen lending and borrowing services on Geist.
Geist had provided users with the option to borrow, lend, and use bridged tokens from the Multichain platform as collateral. This was with over $29 million worth of crypto assets locked in its contracts prior to the hack.
These bridged versions included popular tokens such as USD Coin (USDC), Tether (USDT), Bitcoin (BTC), and Ether (ETH). Chainlink oracles were employed by Geist to track the prices of these assets, facilitating collateral and loan valuation.
Chainlink Oracles Misreporting Token Values
However, the recent issue emerged when Chainlink oracles started misreporting the values of Multichain assets. The oracles began listing the values of non-bridged, or “real,” versions of each coin. This was as opposed to reflecting the real values of these assets. Consequently, the displayed values were over four times higher than the values of their Multichain derivatives.
In a statement, the team explained,“Because Chainlink oracles are tracking the value of real USDC, USDT, WBTC, or ETH, they are not aware of the real value of Multichain assets. Those assets are currently trading at around 22% of their real value.”
This misreporting of token values has rendered it “impossible” for Geist Finance to reactivate its lending services. Resuming operations under such circumstances would result in bad debt for holders of non-Multichain coins, including Magic Internet Money (MIM) or Fantom. As a consequence, Geist Finance has concluded that reopening is not feasible given the prevailing conditions.
The Geist Finance team explicitly stated that they do not hold Chainlink oracles responsible for the closure of their platform. The oracles “worked as they should,” and the team placed blame solely on @MultichainOrg.
Multichain Hack Unveiled
Blockchain analytics experts initially reported the Multichain hack on July 7. The exploit resulted in the withdrawal of over $100 million from the Ethereum side of Multichain bridges, including those connected to Dogechain, Fantom, and Moonriver.
Although the Multichain team labeled the transactions as “abnormal” and cautioned users against further utilization of the protocol, they did not explicitly confirm it as a hack or exploit.
Fee-Based Exploit and CEO’s Arrest
On July 11, on-chain sleuth and Twitter user Spreek revealed that an unknown individual had been draining funds from the protocol. This individual accomplished the theft by transferring the funds to fresh wallet addresses using a fee-based exploit.
Later, on July 14, the Multichain team confirmed that the withdrawals that occurred on July 7 were indeed the result of a hack. It was revealed that the network had been storing all shards of its private keys in a “cloud server account”. This server was exclusively controlled by the team’s CEO, who was subsequently arrested by Chinese authorities.
The unauthorized access to this cloud server account allowed the perpetrator to drain funds from the protocol. Previously, the protocol’s documents explicitly stated that no single server had access to all the shards of a key.
According to the July 14 post, the fee-based attack on July 11 was an attempt by the Multichain team to counter-exploit and recover the stolen funds. The CEO’s sister carried out this action on behalf of the team. However, she was subsequently arrested, leaving the status of the recovered assets uncertain.