{"id":21656,"date":"2022-03-23T17:47:57","date_gmt":"2022-03-23T16:47:57","guid":{"rendered":"https:\/\/coinscreed.com\/staging\/?p=21656"},"modified":"2022-03-23T18:11:52","modified_gmt":"2022-03-23T17:11:52","slug":"cashio-crashes-to-zero-after-hack","status":"publish","type":"post","link":"https:\/\/coinscreed.com\/staging\/cashio-crashes-to-zero-after-hack\/","title":{"rendered":"Cashio crashes to zero after multi million dollar hack"},"content":{"rendered":"\n
Attackers exploited an “unlimited mint bug” to rob Cashio, a Solana-based stablecoin<\/a> project, off millions of dollars.<\/h5>\n\n\n\n
\"Cashio<\/figure>\n\n\n\n

After an “unlimited mint flaw” allowed attackers to manufacture tokens without providing collateral, the price of Cashio's dollar-pegged stablecoin CASH dropped drastically from $1 to $0.00005.<\/p>\n\n\n\n

oxGhostChain, a Cashio developer, took to Twitter to offer a warning “”We believe we have uncovered the root problem,” the team said, adding that they are investigating the issue. <\/p>\n\n\n\n

“Please take your money out of the pools. A postmortem will be published as soon as possible”, tweeted oxGhostChain\r\n \r\n \r\n \r\n <\/g>\r\n \r\n \r\n \r\n <\/clipPath>\r\n <\/defs><\/svg><\/span><\/a>.<\/p>\n\n\n\n

According to a report, the hack has drained around $28 million from Cashio's protocol. <\/p>\n\n\n\n

Nonetheless, Samczsun, a research partner at Web3<\/a> investment company Paradigm, painted a bleaker picture today on Twitter.<\/p>\n\n\n\n

According to the researcher, “Another day, another Solana phishing scam<\/a>. Cashio App lost roughly $50 million this time (based on a quick skim). What caused this to happen?”<\/p>\n\n\n\n

\n

Another day, another Solana fake account exploit. This time, @CashioApp<\/use><\/svg><\/span><\/a> lost around $50M (based on a quick skim). How did this happen? pic.twitter.com\/t7ThWL4zr1<\/use><\/svg><\/span><\/a><\/p>— samczsun (@samczsun) March 23, 2022<\/use><\/svg><\/span><\/a><\/blockquote>

The project has not responded to any request for confirmation of how much they actually lost.<\/p>\n\n\n\n

Cashio Dollar is a stablecoin based on Solana<\/a> that was launched in November 2021.<\/p>\n\n\n\n

Anyone can literally create CASH by depositing Saber USDT-USDC liquidity provider (LP) tokens first.<\/p>\n\n\n\n

Saber is a decentralized Solana exchange similar to Uniswap. <\/p>\n\n\n\n

Users who deposit tokens into Saber's liquidity pools earn LP tokens, which represent a token of their deposit.<\/p>\n\n\n\n

Cashio theft not actually the first<\/h2>\n\n\n\n

This isn't the first time that a DeFi <\/a>protocol has been plundered<\/a> for millions of dollars thanks to a “infinite mint” bug.<\/p>\n\n\n\n

A group of DeFi engineers used a similar vulnerability on the DeFi insurance project Cover in December 2020, generating bogus tokens to supply liquidity to Balancer.<\/p>\n\n\n\n

The attackers then exchanged the staked tokens for COVER tokens, which they sold repeatedly on exchanges.<\/p>\n\n\n\n

The overall loss from the hack was $3 million, which was reportedly returned in full, along with a letter reading, “Next time, take care of your own shit.”<\/p>\n\n\n\n

\n

Next time, take care of your own shit.@CoverProtocol<\/use><\/svg><\/span><\/a> @chefcoverage https:\/\/t.co\/ks94ucdoRQ<\/use><\/svg><\/span><\/a>

1. No gains.
2. The Obtained Funds from LP has been returned to COVER.<\/p>— Grap.finance (@GrapFinance) December 28, 2020<\/use><\/svg><\/span><\/a><\/blockquote>

A similar story happened to SafeDollar last summer after hackers stole around $250,000 worth of stablecoins from the platform's liquidity pools, driving the price of SafeDollar's eponymous dollar-pegged stablecoin to zero, and then fenced the stolen coins on PolyDex.<\/p>\n","protected":false},"excerpt":{"rendered":"

Attackers exploited an “unlimited mint bug” to rob Cashio, a Solana-based stablecoin project, off millions of dollars. After an “unlimited mint flaw” allowed attackers to manufacture tokens without providing collateral, the price of Cashio’s dollar-pegged stablecoin CASH dropped drastically from $1 to $0.00005. oxGhostChain, a Cashio developer, took to Twitter to offer a warning “”We […]<\/p>\n","protected":false},"author":34,"featured_media":21665,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[21],"tags":[8284,8285,275],"class_list":["post-21656","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-cashio","tag-defi-hack","tag-solana"],"jetpack_featured_media_url":"https:\/\/coinscreed.com\/staging\/wp-content\/uploads\/2022\/03\/images-2022-03-23T173743.677.jpeg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/21656","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/users\/34"}],"replies":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/comments?post=21656"}],"version-history":[{"count":0,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/posts\/21656\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media\/21665"}],"wp:attachment":[{"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/media?parent=21656"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/categories?post=21656"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/coinscreed.com\/staging\/wp-json\/wp\/v2\/tags?post=21656"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}