{"id":6159,"date":"2023-07-03T13:57:54","date_gmt":"2023-07-03T17:57:54","guid":{"rendered":"https:\/\/sikaoer.com\/millions-lost-as-solana-defi-app-cashio-suffers-hack\/"},"modified":"2023-07-03T13:57:54","modified_gmt":"2023-07-03T17:57:54","slug":"millions-lost-as-solana-defi-app-cashio-suffers-hack","status":"publish","type":"post","link":"https:\/\/sikaoer.com\/millions-lost-as-solana-defi-app-cashio-suffers-hack\/","title":{"rendered":"Millions Lost as Solana DeFi App cashio Suffers Hack"},"content":{"rendered":"
\n<\/p>\n
\n
Key Takeaways<\/h3>\n
\n
The Solana stablecoin protocol cashio suffered an “infinite mint glitch” exploit. <\/li>\n
A hacker drained millions of dollars from the protocol and its CASH stablecoin collapsed. <\/li>\n
Crypto Briefing has found several pieces of evidence that suggest the attacker has previously operated under the pseudonym Ariusuha to execute multiple rug pulls in the NFT space. <\/li>\n<\/ul>\n
Share this article<\/h4>\n
The Solana stablecoin protocol cashio has suffered an exploit leading to a complete collapse of its flagship stablecoin, CASH.<\/p>\n
cashio Hacked for Millions<\/strong><\/h2>\n
cashio, a stablecoin protocol on Solana, has suffered a major exploit.<\/p>\n
\n
Please do not mint any CASH. There is an infinite mint glitch.<\/p>\n
We are investigating the issue and we believe we have found the root cause. Please withdraw your funds from pools. We will publish a postmortem ASAP.<\/p>\n
\u2014 Cashio ($CASH) 💵 (@CashioApp) March 23, 2022<\/p>\n<\/blockquote>\n
The cashio team announced the incident on Twitter early Wednesday. \u201cPlease do not mint any CASH,\u201d the team wrote. \u201cThere is an infinite glitch.\u201d It also said it was investigating the issue and had found the likely root cause.<\/p>\n
cashio is a Solana-based DeFi application that lets users mint CASH stablecoins. On cashio, all deposits are backed by interest-bearing liquidity provider tokens. For example, someone can provide liquidity with USDT and USDC to mint CASH. In this incident, the hacker found a vulnerability that allowed them to mint an infinite supply CASH without having the sufficient backing.<\/p>\n
According to <\/span>data from Solscan<\/span>, the attacker minted two billion CASH stablecoins and then swapped them for other paired assets (mostly other stablecoins) via the decentralized exchange Saber. Per <\/span>Defi Llama<\/span> data, the hacker drained about $28 million worth of liquidity from the exchange. Saber posted an update announcing that it had paused its CASH liquidity pools following the incident.\u00a0<\/span><\/p>\n
As a result of the exploit, CASH, whose value is supposed to be pegged to the U.S. dollar, has completely collapsed.<\/span><\/p>\nCASH\/USD chart (Source: CoinGecko)<\/figcaption><\/figure>\n
While the precise extent of the damage from the attack is still officially unknown, the renowned crypto security researcher known as samczsun on Twitter said that the losses amounted to about $50 million based on their \u201cquick skim,\u201d of the on-chain data.<\/p>\n
Update: Upon further investigation, Crypto Briefing has found that the person behind the cashio attack could be linked to multiple NFT-related rug pulls, including those of the ill-fated Balloonsville, Doodle Dragonz, and Fine Folk projects. The trail of evidence suggests that the person behind the cashio exploit is a 16-year-old male who used the pseudonym <\/span>Ariusuha<\/span> on Twitter and Discord before deleting his accounts.<\/span><\/p>\nSource: Solactivity<\/figcaption><\/figure>\n
On-chain data shows that the hacker\u2019s address, commencing <\/span>6D7f<\/span>, was initially <\/span>funded<\/span> from another address commencing <\/span>sWZs<\/span>. A member of the Solana NFT community known as suavae has previously <\/span>linked<\/span> the sWZs address to several wallets directly connected to the exploits of the aforementioned Solana NFT projects.\u00a0<\/span><\/p>\n
Before executing multiple rug pulls in the space, Ariusuha had tried to become an NFT influencer within the Solana NFT community. A re-uploaded <\/span>YouTube video<\/span>, shared by suavae and allegedly originally published by Ariusuha, shows them discussing popular Solana NFT projects and revealing their age. \u201cMy name is Ariusuha. I\u2019m 16 years-old, OK,\u201d they say in what appears to be a male voice. \u201cThere is no place where you can just look and just get an unbiased opinion, just a real opinion from a young person, \u2018cause there\u2019s loads of young investors in NFTs but there\u2019s no like, y\u2019know, there\u2019s no like big dog, y\u2019know a young investor, who\u2019s like telling you guys. I have money, by the way, I\u2019m not doing this for money,\u201d they add.\u00a0<\/span><\/p>\n
Searching the NFT marketplace OpenSea <\/span>reveals<\/span> that a user opened an account under the same name \u201cAriusuha\u201d in February 2022. The account is connected to an Ethereum wallet commencing <\/span>0x61f<\/span> and uses an avatar that bears a striking resemblance to the NFTs featured in the Solana-based project <\/span>Solana Monkey Business<\/span>.\u00a0<\/span><\/p>\n
A quick search using the Breadcrumbs app\u2019s transaction mapping tool shows that Ariusuha\u2019s 0x61f wallet has previously received funds from FTX, a centralized exchange that requires identification documents to open an account.\u00a0<\/span><\/p>\nSource: breadcrumbs<\/figcaption><\/figure>\n
Moreover, Breadcrumbs data shows that 0x61f has also received funds from another wallet commencing <\/span>0xcDd<\/span>, which has previously been funded via FTX and Binance. Given that the address is linked to interactions with multiple centralized exchanges, if the \u201cAriusuha\u201d using Ethereum is the same person behind the incidents on Solana, it is likely only a matter of time before the person behind the cashio attack is uncovered.<\/span><\/p>\n
Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies.<\/p>\n
Share this article<\/h4>\n
\n
\n
The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.<\/p>\n
You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.<\/p>\n
See full terms and conditions.<\/p>\n<\/div>\n<\/div><\/div>\n
![\"\"](\"data:image\/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\"\/)
![\"\"](\"https:\/\/static.cryptobriefing.com\/wp-content\/uploads\/2022\/03\/23115403\/solactivity.info-on-chain-data-868x278.png\")
![\"\"](\"https:\/\/static.cryptobriefing.com\/wp-content\/uploads\/2022\/03\/23115650\/on-chain-data-of-0x61f-eth-wallet-434x440.png\")