The hacker who stole $52M from the Solana-based Cashio protocol on March 23, 2022, by exploiting incomplete collateral validation in its $CASH minting logic, is demanding that liquidity providers justify why they should be refunded.
The perpetrator asked victims who lost more than $100K to submit a justification stating why their funds should be returned, saying that they would not refund wealthy Americans and Europeans and that their “intention was to take money from those who do not need it, not from those who do.” The hacker embedded this message in an Ethereum transaction early Monday morning. A Cashio community vendor set up a website for victims to submit responses, using a template provided by the hacker. All victims who lost under $100K have been reimbursed.
How did the attack happen?
$CASH is a stablecoin backed by liquidity-provider tokens for USDC and Tether (USDT). To mint new $CASH, a user deposits collateral exceeding the amount minted into a collateral account owned by Cashio. The deposit must pass a series of checks intended to ensure that the tokens deposited are of the same type (mint) as those the protocol’s accounts are configured to accept.
Cashio’s program checked that the type (mint) of the deposited token matched that of the saber_swap.arrow account, but it never validated the “mint” field of the saber_swap.arrow account itself against state the protocol controls. Because every account a Solana instruction receives is supplied by the caller, the attacker could create a fake saber_swap.arrow account whose mint field pointed at a worthless token, use it to pass off a fake crate_collateral_tokens account, and deposit that worthless token as collateral.
After minting two billion $CASH against the fake collateral, the attacker withdrew $52M worth of USDC and Tether from the protocol and then swapped the stablecoins for ETH via Paraswap and Curve. The attack lasted about an hour. In its wake, $CASH fell from its intended one-dollar peg to almost zero.
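The following Rust model, written for this article and not taken from Cashio’s or Saber’s code, shows the shape of the bug: a chain of account checks in which every link compares one caller-supplied account with the next, and nothing ties the last link (the arrow’s mint) back to state the program owns. The account names follow the text; their field layouts, the `Bank` account and the 64-bit stand-in for a public key are assumptions made for the example.

```rust
/// Stand-in for a Solana public key (assumption: real keys are 32 bytes).
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Pubkey(pub u64);

/// SPL-token-style token account: holds tokens of exactly one `mint`.
#[derive(Clone, Copy, Debug)]
pub struct TokenAccount { pub mint: Pubkey }

/// The protocol-owned collateral vault ("crate_collateral_tokens" in the text).
#[derive(Clone, Copy, Debug)]
pub struct CrateCollateralTokens { pub mint: Pubkey }

/// The "saber_swap.arrow" account. Assumed layout: `mint` is the LP token the
/// arrow vouches for, `pool` the Saber pool it belongs to.
#[derive(Clone, Copy, Debug)]
pub struct Arrow { pub mint: Pubkey, pub pool: Pubkey }

/// State the program itself wrote at initialisation and therefore trusts
/// (assumed account; the anchor every caller-supplied account must be tied to).
#[derive(Clone, Copy, Debug)]
pub struct Bank { pub accepted_pool: Pubkey, pub accepted_lp_mint: Pubkey }

/// The caller-supplied accounts of a mint instruction. On Solana every one of
/// these is untrusted input until the program checks it.
#[derive(Clone, Copy, Debug)]
pub struct MintRequest {
    pub collateral: TokenAccount,
    pub crate_collateral_tokens: CrateCollateralTokens,
    pub arrow: Arrow,
}

#[derive(Debug, PartialEq, Eq)]
pub enum ValidationError {
    CollateralMintMismatch,
    ArrowMintMismatch,
    UnknownArrowMint,
    UnknownPool,
}

/// Incomplete validation (the pattern the article describes): each account is
/// checked only against the next caller-supplied account, never against state
/// the program owns. A mutually consistent set of forged accounts passes.
pub fn validate_incomplete(req: &MintRequest) -> Result<(), ValidationError> {
    if req.collateral.mint != req.crate_collateral_tokens.mint {
        return Err(ValidationError::CollateralMintMismatch);
    }
    if req.crate_collateral_tokens.mint != req.arrow.mint {
        return Err(ValidationError::ArrowMintMismatch);
    }
    Ok(())
}

/// Complete validation: the chain is anchored by comparing the arrow's `mint`
/// and `pool` with values stored in the bank, so forged accounts cannot satisfy it.
pub fn validate_complete(req: &MintRequest, bank: &Bank) -> Result<(), ValidationError> {
    validate_incomplete(req)?;
    if req.arrow.mint != bank.accepted_lp_mint {
        return Err(ValidationError::UnknownArrowMint);
    }
    if req.arrow.pool != bank.accepted_pool {
        return Err(ValidationError::UnknownPool);
    }
    Ok(())
}

/// Constructed sample state: the one LP mint and pool the protocol accepts.
pub fn trusted_bank() -> Bank {
    Bank { accepted_pool: Pubkey(10), accepted_lp_mint: Pubkey(1) }
}

/// A genuine deposit: all three accounts refer to the accepted LP mint.
pub fn legitimate_deposit(bank: &Bank) -> MintRequest {
    MintRequest {
        collateral: TokenAccount { mint: bank.accepted_lp_mint },
        crate_collateral_tokens: CrateCollateralTokens { mint: bank.accepted_lp_mint },
        arrow: Arrow { mint: bank.accepted_lp_mint, pool: bank.accepted_pool },
    }
}

/// A forged deposit: the attacker creates a worthless mint plus a fake crate and
/// fake arrow that agree with each other, as the article describes.
pub fn forged_deposit(bank: &Bank) -> MintRequest {
    let worthless = Pubkey(999); // constructed: attacker-created token mint
    MintRequest {
        collateral: TokenAccount { mint: worthless },
        crate_collateral_tokens: CrateCollateralTokens { mint: worthless },
        arrow: Arrow { mint: worthless, pool: bank.accepted_pool },
    }
}

fn main() {
    let bank = trusted_bank();
    let cases = [("legitimate", legitimate_deposit(&bank)), ("forged", forged_deposit(&bank))];
    for (label, req) in cases.iter() {
        println!("{}: incomplete={:?} complete={:?}", label,
                 validate_incomplete(req), validate_complete(req, &bank));
    }
}
```

Running it shows the forged request passing `validate_incomplete` and being rejected by `validate_complete` with `UnknownArrowMint`. The general rule the example illustrates is that a validation chain is only as strong as its anchor: at least one comparison must be against a key or field the program itself stores or derives, not against another account the caller handed in.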
Saber works with Cashio to pause withdrawals
Following the hack, the team at Saber, the cross-chain automated market maker on Solana, paused all withdrawals into Cashio and then worked with Cashio to freeze its smart contracts. An automated market maker (AMM) is a smart contract that sets the prices of tokens according to their relative abundance or scarcity in a liquidity pool; it charges a fee on each token swap (e.g. ETH for BAT) and pays that fee to the liquidity providers.
Decentralized finance (DeFi) applications depend on users depositing tokens into liquidity pools. The more of a particular token a pool holds, the lower the price at which it can be swapped out.
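To make the pricing rule concrete, here is an added illustration, not Saber’s code (the page does not describe Saber’s actual curve): a pool using the simplest AMM rule, the constant product x · y = k, with a swap fee retained in the pool for liquidity providers. Reserve sizes, the fee and the trade amounts are constructed sample values.

```rust
/// Constant-product pool holding two tokens, A and B. Illustrative only.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct Pool {
    pub reserve_a: u128,
    pub reserve_b: u128,
    /// Swap fee in basis points (30 = 0.30%), taken from the input token.
    pub fee_bps: u128,
    /// Fees accumulated for liquidity providers, denominated in token A.
    pub lp_fees_a: u128,
}

impl Pool {
    /// Marginal price of one A in units of B. The more A the pool holds
    /// relative to B, the lower this price: abundance makes a token cheap.
    pub fn spot_price_a_in_b(&self) -> f64 {
        self.reserve_b as f64 / self.reserve_a as f64
    }

    /// Product of the reserves; a correct swap never lets it decrease.
    pub fn invariant(&self) -> u128 {
        self.reserve_a * self.reserve_b
    }

    /// Swap `amount_in` of A for B. Returns the amount of B paid out.
    pub fn swap_a_for_b(&mut self, amount_in: u128) -> Result<u128, &'static str> {
        if amount_in == 0 {
            return Err("zero input");
        }
        let fee = amount_in * self.fee_bps / 10_000;
        let net_in = amount_in - fee;
        let k = self.invariant();
        let new_a = self.reserve_a + net_in;
        // Round the new B reserve up so the pool keeps at least k after the trade.
        let new_b = (k + new_a - 1) / new_a;
        let out = self.reserve_b - new_b;
        if out == 0 {
            return Err("input too small: output rounds to zero");
        }
        // The fee stays in the pool's A reserve and is credited to LPs.
        self.reserve_a = new_a + fee;
        self.reserve_b = new_b;
        self.lp_fees_a += fee;
        Ok(out)
    }
}

/// Constructed sample pool: 1,000,000 A and 1,000,000 B with a 0.30% fee.
pub fn sample_pool() -> Pool {
    Pool { reserve_a: 1_000_000, reserve_b: 1_000_000, fee_bps: 30, lp_fees_a: 0 }
}

/// Two identical swaps in a row. The second pays out less B because the first
/// made A more abundant (and B scarcer) in the pool.
pub fn two_swaps(amount_in: u128) -> (u128, u128, Pool) {
    let mut pool = sample_pool();
    let first = pool.swap_a_for_b(amount_in).expect("first swap");
    let second = pool.swap_a_for_b(amount_in).expect("second swap");
    (first, second, pool)
}

fn main() {
    let (first, second, pool) = two_swaps(10_000);
    println!("first swap paid {} B, second paid {} B", first, second);
    println!("price of A fell from 1.0 to {:.4}; LPs earned {} A in fees",
             pool.spot_price_a_in_b(), pool.lp_fees_a);
}
```

With the sample pool, selling 10,000 A returns 9,871 B; selling another 10,000 A immediately afterwards returns less, because the pool now holds more A and less B, and the 30 A of fees from each trade remain in the pool for the liquidity providers. Rounding the new reserve up rather than down is the check a reviewer would look for here: with truncation, repeated tiny swaps could drain value from the pool below k.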
The Saber team is offering a $1M reward for information leading to the attacker’s arrest.
What do you think about this subject? Write to us and tell us!