Geist Finance, a lending protocol operating on the Fantom network, has announced its permanent shutdown following significant losses resulting from the Multichain exploit. In a social media post on July 14, the Geist development team confirmed that lending and borrowing activities would not be reopened.
1/2 After confirmation from Multichain that the funds will not be recovered, we are announcing that Geist will not reopen. Because Chainlink oracles are tracking the value of real USDC, USDT, WBTC or ETH, they are not aware of the real value of Multichain assets.
— Geist Finance (@GeistFinance) July 14, 2023
The protocol’s contracts were initially paused on July 6, followed by a resumption in “withdraw and repay only” mode on July 9. However, the latest announcement confirmed that Geist will not resume full operations due to the inability to provide reliable information through Chainlink oracles.
Geist allowed users to borrow, lend, and use bridged tokens from the Multichain platform as collateral. These tokens included bridged versions of popular cryptocurrencies like USD Coin (USDC), Tether (USDT), Bitcoin, and Ether. Chainlink oracles were used to track the prices of these assets and determine their collateral and loan values.
The problem arose when the Chainlink oracles began listing the values of the non-bridged, or “real,” versions of each coin. These values were more than four times higher than their Multichain derivatives. The Geist team explained that this discrepancy made it impossible to reenable lending, as it would result in bad debt for holders of non-Multichain coins. Geist could not risk reopening under these circumstances.
“Because Chainlink oracles are tracking the value of real USDC, USDT, WBTC or ETH, they are not aware of the real value of Multichain assets. Those assets are currently trading at around 22% of their real value.”
Crypto lender Geist claims
It is important to note that the Geist team explicitly stated that they do not blame Chainlink oracles for the closure. The oracles performed as expected. Instead, they placed the blame on MultichainOrg, stating that “Nobody is to blame except @MultichainOrg here.”
The Multichain hack was initially reported by blockchain analytics experts on July 7. Over $100 million had been withdrawn from the Ethereum side of Multichain bridges, including those for Dogechain, Fantom, and Moonriver. Although the Multichain team referred to the transactions as “abnormal” and advised users to stop using the protocol, they did not label it as a hack or exploit.
On July 11, a Twitter user named Spreek, known for on-chain investigations, reported an individual draining funds from the protocol using a fee-based exploit. This individual was sending the funds to new wallet addresses.
Finally, on July 14, the Multichain team confirmed that the withdrawals on July 7 resulted from a hack. The network had stored all shards of its private keys in a cloud server account solely controlled by the team’s CEO, who was subsequently arrested by Chinese authorities. An unauthorized party gained access to this cloud server account and drained funds from the protocol. It should be noted that the protocol’s documents stated that no single server had access to all key shards.
Regarding the fee-based attack on July 11, it was revealed that the Multichain team initiated this counter-exploit through the CEO’s sister in an attempt to recover the stolen funds. Unfortunately, the sister was also arrested, and the status of the assets she recovered remains uncertain