Lending protocol Geist Finance is shutting down permanently due to losses from the Multichain exploit.
This result has also been impacted by the need for proper valuation for Multichain assets due to the Chainlink oracles tracking genuine USDC, USDT, WBTC, or ETH values.
Before the Multichain breach, the Fantom (FTM) network’s lending system Geist had over $29 million in cryptocurrency assets tied up in its contracts.
The platform allowed users to use bridged Multichain tokens as collateral for borrowing and lending, with Chainlink oracles used to track their prices for valuation. These tokens included USD coin (USDC), tether (USDT), bitcoin (BTC), and Ethereum (ETH).
However, Geist’s most recent piece made it clear that the Chainlink oracles are no longer a dependable source of information. The oracles list the prices of each coin’s non-bridged, or “real,” versions instead of reflecting the values of the Multichain derivatives, which are more than four times higher than the Multichain assets’ value.
The mismatch is because the Multichain assets are currently trading at about 22% of their actual value. Therefore the Chainlink oracles are blind to their true value.
The outcome of the hack
The Multichain team acknowledged that the latest withdrawals on July 7 resulted from a hack in a July 14 update. All of the network’s private key shards were discovered to have been kept in a “cloud server account” that belonged solely to the team’s CEO, whom Chinese authorities had detained.
An individual could siphon money from the protocol thanks to unauthorized access to this cloud server account. It is significant to remember that no single server has access to all of a key’s shards, according to earlier documentation for the protocol.
The statement also claimed that the fee-based attack on July 11 was a counter-exploit launched by the CEO’s sister in response to a request from the Multichain team to retrieve the monies.
The sister was also detained, so it’s unclear what will become of the valuables that she was able to recover. A coding vulnerability cost Arcadia Finance, a decentralized finance (defi) platform, a sizable loss of about $455,000.
The hack was first discovered and reported by the blockchain security company PeckShield, which linked the problem to a code mistake involving unreliable input validation.