Lending protocol Geist Finance is shutting down permanently due to losses from the Multichain exploit, according to a July 14 social media post from the app’s development team. Geist contracts were paused on July 6, then resumed in “withdraw and repay only” mode on July 9. The latest post confirms the team does not plan to reopen lending and borrowing on Geist.
1/2 After confirmation from Multichain that the funds will not be recovered, we are announcing that Geist will not reopen. Because Chainlink oracles are tracking the value of real USDC, USDT, WBTC or ETH, they are not aware of the real value of Multichain assets.
— Geist Finance (@GeistFinance) July 14, 2023
Geist is a lending protocol running on the Fantom network. It had over $29 million worth of crypto assets locked in its contracts before the Multichain hack. Before the hack, Geist allowed users to borrow, lend or use bridged tokens from the Multichain platform as collateral, including bridged versions of USD Coin (USDC), Tether (USDT), Bitcoin (BTC) and Ether (ETH). It used Chainlink oracles to track the prices of these assets to determine their collateral and loan values.
According to the post, these oracles have stopped producing reliable information. They are now listing the values of the non-bridged, or “real,” versions of each coin, which are more than four times the value of their Multichain derivatives, as the team explained:
“Because Chainlink oracles are tracking the value of real USDC, USDT, WBTC or ETH, they are not aware of the real value of Multichain assets. Those assets are currently trading at around 22% of their real value.”
This makes it “impossible” to reenable lending, as doing so would result in bad debt for holders of non-Multichain coins such as Magic Internet Money (MIM) or Fantom (FTM), the team stated. As a result, Geist will not be able to reopen.
Related: Circle, Tether freezes over $65M in assets transferred from Multichain
The team clarified it is not blaming Chainlink oracles for Geist’s closure, as these oracles “worked as they should.” Instead, “Nobody is to blame except @MultichainOrg here.”
Blockchain analytics experts first reported the Multichain hack on July 7. Over $100 million had been withdrawn from the Ethereum side of Multichain bridges, including those for Dogechain, Fantom and Moonriver. The Multichain team called the transactions “abnormal” and warned users to stop using the protocol. However, the team stopped short of calling it a hack or exploit.
On July 11, on-chain sleuth and Twitter user Spreek reported that an unknown individual was draining funds from the protocol and sending them to fresh wallet addresses using a fee-based exploit.
On July 14, the Multichain team confirmed that the withdrawals from July 7 had been the result of a hack. The network had been storing all shards of its private keys in a “cloud server account” under the sole control of the team’s CEO, who was arrested by Chinese authorities. This cloud server account was later accessed by someone and used to drain funds from the protocol. The team previously stated in the protocol’s documents that no single server had access to all of the shards of a key.
According to the July 14 post, the July 11 fee-based attack was a counter-exploit initiated by the CEO’s sister at the behest of the Multichain team in an attempt to recover funds. The sister was later arrested, and the status of the assets she recovered is “uncertain.”