- Cashio(CASH), a native stablecoin of Solana, experienced an “infinite mint glitch”.” As per the estimates, Cashio might have lost $50 million in the attack.
- In just a span of a few hours, the native stablecoin of Solana reduced in value by 98%.
- With more people taking an interest in the sector, the dApps attacks are also increasing lately. Founder of DeFiance Capital, Arthur_0x, lost around $1.5 million in a hot wallet attack.
A Solana-native stablecoin, Cashio(CASH), has dropped down by 98% in value in the span of a few hours.
Shortly after, the developer behind the decentralized money platform, 0xghostchain, in a tweet, informed that they are doing an investigation on the issues on CashioApp. An “infinite mint glitch” was found out, and users are warned against minting any CASH.
There was the possibility that Cashio might have lost around $50 million in the attack, according to initial estimates of the Security researcher Samczsun.
Cashio DAO has launched just around five months ago in order to provide a yield-boost platform for CASH-paired stable liquidity providers (LPs). Users were allowed to mint and burn the stablecoin, CASH.
ALSO READ – Blockchain and the music industry have a lot in common
What Did Exactly Happen?
The hackers made a fake account for the rug pull, explains Samczsun. Further, he pointed out that Cashio failed to establish a trust for all accounts it makes use of since an attacker, by creating different fake accounts, stole around $50M.
The users usually have to deposit collateral in order to mint new CASH. But in this scenario, the validation becomes “meaningless.” The cross-program invocation(CPI) will be transferred to the protocol’s account from one account on the condition that both the accounts hold the same type of token; the transfer will be rejected otherwise.
Because of the missing “trusted root,” the mint field on the arrow account will never be validated, notes the security researcher. He points out that the attackers just made “fake accounts all the way down and then chained it all the way back up until they finally made a fake crate_collateral_tokens account.”
As more people take interest in the sector, the dApps attacks have become quite common lately. Just a day before the incident, Arthur_0x, founder of DeFiance Capital, has lost over $1.5 million in an attack on his hot wallet. However, over the past months, due to its light security Solana has gathered quite a criticism.
Ever after that, the Ethereum competitor managed to expand itself by launching new decentralized applications. Orca, a decentralized exchange, disclosed its latest concentrated liquidity offering, Whirlpools, on the Solana ecosystem.
Source: https://www.thecoinrepublic.com/2022/03/24/solana-suffers-another-attack-find-all-the-details-of-cashio-cash-hack/