Geist Finance decided not to reopen it after Multichain confirmed that the funds would remain non-refundable.
The lack of accurate valuation of Multichain assets due to Chainlink oracles tracking real USDC, USDT, WBTC or ETH values contributed to this finding.
Resumption of borrowing activities
Geist, a lending protocol operating on the Fantom Network (FTM), had over $29 million in cryptocurrency assets locked into its contracts prior to the Multichain hack. The platform allowed users to use Multichain tokens, such as USD Coin (USDC), Tether (USDT), Bitcoin (BTC), and Ethereum (ETH), as collateral to borrow and lend, while also using Chainlink oracles to track their prices for valuation.
However, the last post It is Geist that the Chainlink oracle is no longer providing reliable information. Instead of reflecting the values of the Multichain derivatives, the oracles list the prices of each coin without the bridge, or “real” issues, which are four times more than the value of the Multichain assets.
This discrepancy arises because Chainlink oracles are unaware of the actual value of Multichain assets, as they are currently trading at around 22% of their real value.
hack result
In an update dated July 14, the Multichain team confirmed that the most recent withdrawals, which occurred on July 7, were the result of a hack. It was revealed that all parts of the network’s private keys had been stored in a “cloud server account” under the exclusive control of the team’s CEO, who was arrested by the Chinese authorities.
Unauthorized access to this cloud server account allowed an individual to drain funds from the protocol. It is important to note that the protocol documentation previously stated that no single server has access to all parts of a key.
Additionally, the post mentioned that the fee-based attack on July 11 was a counter-exploit initiated by the CEO’s sister, as instructed by the Multichain recovery team. However, the sister was also arrested, and the status of the assets she was able to recover remains uncertain.
Arcadia Finance, a decentralized finance (challenged) protocol, suffered a significant loss of around $455,000 due to exploiting the code. The breach was initially identified and disclosed by PeckShield, a blockchain security firm, who traced the incident to a coding error related to the validation of untrusted input.