Lending protocol Geist Finance has permanently shut down due to losses from the Multichain exploit, according to a July 14 social media post from the app’s development team. Geist contracts were suspended on July 6, then resumed in “withdraw and repay only” mode on July 9. The latest post confirms that the team does not plan to reopen Geist lending and borrowing.
1/2 After confirmation from Multichain that the funds will not be recovered, we announce that Geist will not reopen. Because Chainlink oracles track the value of real USDC, USDT, WBTC or ETH, they do not know the real value of Multichain assets.
– Geist Finance (@GeistFinance) July 14, 2023
Geist is a lending protocol that runs on the Fantom network. It had over $29 million worth of crypto assets locked in its contracts before the Multichain hack. Before the hack, Geist allowed users to lend and borrow bridged tokens from the Multichain platform or use them as collateral, including bridged versions of USD Coin (USDC), Tether (USDT), Bitcoin (BTC) and Ether (ETH). It uses Chainlink oracles to track the prices of these assets and determine collateral values and loan amounts.
According to the post, these oracles stopped producing reliable information. They now list the values of the non-bridged, or “real,” versions of each coin, which are more than four times the value of their Multichain derivatives, as the team explained:
“Because Chainlink oracles track the value of real USDC, USDT, WBTC or ETH, they don’t know the real value of Multichain assets. These assets are currently trading at around 22% of their real value.”
This makes it “impossible” to re-enable lending, as doing so would result in bad debt for holders of non-Multichain coins such as Magic Internet Money (MIM) or Fantom (FTM), the team says. Because of this, Geist will not be able to open again.
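The bad-debt argument above, worked through as an added example (not Geist's or Chainlink's code): it values one position at the oracle price of the real asset and at the bridged token's market price, then picks a market mode. The 22% ratio comes from the team's post; the LTV limit, divergence threshold, sample position and all function names are assumptions.

```python
from dataclasses import dataclass

# From the team's post: bridged assets trade at about 22% of the real asset.
MARKET_TO_ORACLE_RATIO = 0.22
# Assumptions for illustration, not Geist parameters.
MAX_LTV = 0.80          # borrow limit as a fraction of collateral value
MAX_DIVERGENCE = 0.05   # tolerated gap between oracle and market price


@dataclass
class Position:
    collateral_units: float  # amount of bridged token deposited
    debt_usd: float          # value already borrowed in unaffected assets


def divergence(oracle_price: float, market_price: float) -> float:
    """Relative gap between the real-asset feed and the bridged token."""
    return abs(oracle_price - market_price) / oracle_price


def market_mode(oracle_price: float, market_price: float) -> str:
    """Pick the mode a lending market can safely run in for this collateral."""
    if divergence(oracle_price, market_price) > MAX_DIVERGENCE:
        return "withdraw_and_repay_only"
    return "open"


def borrow_capacity(pos: Position, price: float) -> float:
    """Additional USD the protocol would lend against the position at `price`."""
    return max(0.0, pos.collateral_units * price * MAX_LTV - pos.debt_usd)


def bad_debt(pos: Position, market_price: float) -> float:
    """Debt left uncovered if the collateral is sold at its market price."""
    return max(0.0, pos.debt_usd - pos.collateral_units * market_price)


if __name__ == "__main__":
    oracle = 1.00                             # feed tracks real USDC
    market = oracle * MARKET_TO_ORACLE_RATIO  # bridged USDC after the hack
    pos = Position(collateral_units=10_000, debt_usd=0.0)  # constructed sample
    offered = borrow_capacity(pos, oracle)    # what the oracle price permits
    drawn = Position(pos.collateral_units, offered)
    print(market_mode(oracle, market), offered, bad_debt(drawn, market))
```

With borrowing left open, the oracle price would allow loans far above what the collateral can cover at market price, and the difference falls on lenders of unaffected assets.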

The team clarified that it does not blame Chainlink’s oracles for shutting down Geist, as these oracles are “working as they should.” Instead, “There is no one to blame but @MultichainOrg here.”
Blockchain analytics experts first reported the Multichain hack on July 7. More than $100 million was withdrawn from the Ethereum side of Multichain bridges, including those for Dogechain, Fantom and Moonriver. The Multichain team called the transactions “abnormal” and warned users to stop using the protocol. However, the group stopped short of calling it a hack or exploit.
On July 11, on-chain sleuth and Twitter user Spreek reported that an unknown person was draining funds from the protocol and sending them to new wallet addresses using an exploited payment.
On July 14, the Multichain team confirmed that the July 7 withdrawals were the result of a hack. The network stored all of its private keys in a “cloud server account” under the sole control of the team’s CEO, who was arrested by Chinese authorities. Someone later accessed this cloud server account and used it to drain funds from the protocol. The team had previously stated in the protocol’s documentation that no single server had access to all shards of a key.
According to the July 14 post, the July 11 payment-based attack was a counter-exploit initiated by the CEO’s sister at the behest of the Multichain team in an attempt to recover the funds. The sister was later arrested, and the status of the assets she recovered was “uncertain.”