Geist Finance has decided not to reopen after Multichain’s confirmation that the funds will remain unrecoverable.
The unavailability of accurate valuation for Multichain assets due to the Chainlink oracles tracking real USDC, USDT, WBTC, or ETH values, has further contributed to this outcome.
Resume borrowing activities
Geist, a lending protocol operating on the Fantom (FTM) network, had over $29 million worth of cryptocurrency assets locked in its contracts before the Multichain hack. The platform allowed users to utilize bridged tokens from Multichain, such as USD coin (USDC), tether (USDT), bitcoin (BTC), and ethereum (ETH), as collateral for borrowing and lending, with Chainlink oracles used to track their prices for valuation.
However, the recent post from Geist revealed that the Chainlink oracles no longer provide reliable information. Instead of reflecting the values of the Multichain derivatives, the oracles list the prices of each coin’s non-bridged, or “real,” versions, which are over four times higher than the Multichain assets’ value.
This discrepancy arises because the Chainlink oracles are unaware of the actual worth of the Multichain assets, as they are currently trading at approximately 22% of their real value.
The result of a hack
In an update on July 14, the Multichain team confirmed that the recent withdrawals, which occurred on July 7, were the result of a hack. It was revealed that all the shards of the network’s private keys had been stored in a “cloud server account” under the exclusive control of the team’s CEO, who had been arrested by Chinese authorities.
Unauthorized access to this cloud server account allowed an individual to drain funds from the protocol. It is important to note that the protocol’s documents had previously stated that no single server had access to all the shards of a key.
Additionally, the post stated that the fee-based attack on July 11 was a counter-exploit initiated by the CEO’s sister, acting upon the Multichain team’s instructions to recover the funds. However, the sister was also arrested, and the status of the assets she managed to retrieve remains uncertain.
Arcadia Finance, a decentralized finance (defi) protocol, suffered a substantial loss of around $455,000 due to a code exploit. The breach was initially identified and disclosed by PeckShield, a blockchain security firm, which traced the incident back to a coding error related to untrusted input validation.