Crypto lender Geist Finance shuts down permanently over Multichain hack
Geist Finance, a crypto lending protocol, has announced its permanent closure as a result of substantial losses stemming from the Multichain hack. In a social media post on July 14, the development team confirmed that Geist contracts were initially paused on July 6 and then resumed in a limited “withdraw and repay only” mode on July 9. However, the latest announcement solidifies the team’s decision not to reopen lending and borrowing on the Geist platform.
Geist operated as a lending protocol on the Fantom network and had approximately million worth of crypto assets locked in its contracts prior to the Multichain hack. The platform allowed users to borrow, lend, or use bridged tokens from the Multichain platform as collateral, including popular assets such as USD Coin, Tether, Bitcoin, and Ether. Chainlink oracles were utilized to track the prices of these assets, determining their collateral and loan values.
Geist Finance team says Chainlink oracles have ceased to produce accurate data
However, the Geist team revealed that the Chainlink oracles, which previously provided reliable information, have ceased to produce accurate data. Instead, they are now listing the values of the non-bridged, or “real,” versions of each coin, which are significantly higher than their Multichain derivatives. The team explained that the Chainlink oracles track the value of real assets like USDC, USDT, WBTC, and ETH, but they are unaware of the actual value of Multichain assets, which are currently trading at approximately 22% of their real value. This situation renders it impossible to reintroduce lending, as it would result in holders of non-Multichain coins, such as Magic Internet Money (MIM) or Fantom, incurring bad debt.
The Geist team made it clear that they do not attribute blame to Chainlink oracles for the closure of Geist, as the oracles functioned as intended. Instead, they emphasized that @MultichainOrg bears sole responsibility.
Blockchain analytics experts initially reported the Multichain hack on July 7, noting that over $100 million had been withdrawn from the Ethereum side of Multichain bridges, including those associated with Dogechain, Fantom, and Moonriver. While the Multichain team described these transactions as “abnormal” and advised users to cease utilizing the protocol, they stopped short of officially classifying it as a hack or exploit.
On July 11, a Twitter user named Spreek, known for on-chain investigations, reported an ongoing fund drain from the protocol, with funds being sent to new wallet addresses using a fee-based exploit.
Confirming the earlier withdrawals on July 7, the Multichain team stated on July 14 that they were indeed the result of a hack. The network had stored all shards of its private keys in a cloud server account solely controlled by the CEO, who was subsequently arrested by Chinese authorities. The compromised cloud server account was later accessed by an unidentified individual to drain funds from the protocol. The team had previously stated in the protocol’s documentation that no single server possessed access to all shards of a key.
According to the post on July 14, the fee-based attack on July 11 was initiated by the CEO’s sister, acting upon the Multichain team’s request to recover funds. However, the sister was subsequently arrested, leaving the status of the assets she managed to recover uncertain.
Multichain halts all operations, CEO Zhaojun and his sister detained
Multichain, a prominent bridging protocol in the cryptocurrency space, has announced the cessation of its operations following the detention of CEO Zhaojun and his sister by Chinese authorities. In a Twitter thread on Friday, Multichain explained that it was compelled to take this action due to a lack of alternative sources of information and corresponding operational funds. On May 21, Zhaojun was apprehended by Chinese police, who confiscated his computers, phones, hardware wallets, and mnemonic phrases. Subsequently, his sister was taken into custody on Thursday.
1. On May 21, 2023, Multichain CEO Zhaojun was taken away by the Chinese police from his home and has been out of contact with the global Multichain team ever since. The team contacted the MPC node operators and learned that their operational access keys to MPC node servers had…
— Multichain (Previously Anyswap) (@MultichainOrg) July 14, 2023
The Multichain team has been unable to establish contact with Zhaojun and has been sustaining day-to-day operations by relying on continued access to servers that have not been revoked. They have also received assistance from Zhaojun’s sister, who conducted a “preservation action” by transferring the remaining user assets in the router pool. However, with the sister now unreachable, the status of the preserved assets remains uncertain, as stated by Multichain.
The vulnerability of the protocol became evident last week when it fell victim to an exploitation that resulted in the draining of funds from various token bridges, amounting to $130 million. Multichain shared information from Zhaojun’s sister, indicating that login information from an IP address in Kunming was discovered on the cloud server platform. Additionally, a series of operations were conducted to transfer funds from the MPC addresses, as detailed in the Twitter thread provided by Multichain.