News
Decoding the if, but, and so of ‘Cashio Hack’
DeFi hacks have become a major concern for the entire crypto ecosystem. In a recent incident, Solana’s stablecoin project Cashio lost $50 million in a hack. Dozens of victims were left shocked after the CASH stablecoin plummeted to a low of $0.00005 right after the exploit.
What happened?
According to CashioApp, the hacker exploited an “infinite mint” glitch on the network to create counterfeit CASH. The attacker created about two billion additional tokens of the cryptocurrency, which he swapped for other kinds of stablecoins via CashioApp, as per an investigation by blockchain intelligence company TRM Labs.
Please do not mint any CASH. There is an infinite mint glitch.
We are investigating the issue and we believe we have found the root cause. Please withdraw your funds from pools. We will publish a postmortem ASAP.
— Cashio ($CASH) ? (@CashioApp) March 23, 2022
Further data by TRM Labs suggested that the hacker moved the funds using the Jupiter and Wormhole bridge. Later the funds were moved from Solana to the Ethereum blockchain and were then exchanged for ETH. Thereafter, the attacker decided to return the money to accounts that held less than $100,000 among those affected. Curiously, the hacker announced,
“all other money will be donated to charity.”
Divulging the details, security researcher Samczsun explained the hack in a tweet.
Another day, another Solana fake account exploit. This time, @CashioApp lost around $50M (based on a quick skim). How did this happen? pic.twitter.com/t7ThWL4zr1
— samczsun (@samczsun) March 23, 2022
It’s astonishing to note that this wasn’t the first hack of March 2022.
Where’s another case study for March?
Well, on 15 March, a crypto derivatives platform Deus Finance was also exploited in which over three million USDC tokens were stolen from Deus. A blockchain security company Peck Shield Inc, shared the details of the hack stating,
“The hack is made possible due to the flashloan-assisted manipulation of price oracle that reads the price from the pair of StableV1 AMM – USDC/DEI, so that even normal users unfortunately become insolvent!”
Reportedly, the hacker washed the funds from Tornado Cash after tunneling them to Fantom via a cross-chain router, Multichain. Evidently, the growing number of DeFi exploits has contributed a major share to crypto crimes.
Is crypto crimes a growing trend?
Well, in “The 2022 Crypto Crime Report”, Chainalysis noted that the crimes related to the crypto industry significantly increased in 2021.
“2021 was a big year for digital thieves. Throughout the year, $3.2 billion in cryptocurrency was stolen from individuals and services — almost 6x the amount stolen in 2020. Approximately $2.3 billion of those funds were stolen from DeFi platforms in particular, and the value stolen from these protocols catapulted 1,330%.”
Now, even though the crypto industry continues to grow, investors don’t seem to be at peace given the rise in crypto crimes. Even so, thorough auditing of the protocols would surely help to keep hacks at bay.