Skip to content
  • Sunday, May 11, 2025
  • Press Release
  • Advertise
  • Subscribe
  • Contact
BitcoinEthereumNews.com

BitcoinEthereumNews.com

Live Updated Worldwide News Related To Bitcoin, Ethereum, Crypto, Blockchain, Technology, Economy. Updated Every Minute. Available In All Languages.

  • Home
  • All News
  • Bitcoin
  • Ethereum
  • Crypto
  • Finance
  • Tech
  • NFT
  • Blockchain
  • Home
  • Tech
  • ‘Another Day, Another Solana Fake Account Exploit’, Here’s What Happened With Cashio (CASH)

Tech

‘Another Day, Another Solana Fake Account Exploit’, Here’s What Happened With Cashio (CASH)

03/24/2022
Bitcoin Ethereum News

Cashio (CASH), a Solana-native stablecoin, plummeted down by 98% in value in a matter of hours.

Source:Defillama

Soon after which, 0xghostchain, the developer who launched the decentralized money platform, took to Twitter to state that they are investigating the issues on CashioApp. Turns out, it was an “infinite mint glitch”, and users were warned against minting any CASH.

Please do not mint any CASH. There is an infinite mint glitch.

We are investigating the issue and we believe we have found the root cause. Please withdraw your funds from pools. We will publish a postmortem ASAP.

— Cashio ($CASH) ? (@CashioApp) March 23, 2022

According to Security researcher Samczsun’s initial estimates, Cashio could have lost close to $50 million in the attack.

Just to reiterate, Cashio DAO came into existence some five months back to provide a yield-boost platform for CASH-paired stable liquidity providers (LPs).

Cashio allowed users to mint and burn (withdraw) the CASH stablecoin.

What was the Glitch?

Samczsun explained that the hackers created fake accounts for the rug pull. He noted, “Cashio didn’t establish a root of trust for all of the accounts it used, an attacker was able to steal approximately $50M by forging a chain of fake accounts.”

Generally, users will have to deposit collateral to mint new CASH. However, in this case, validation became “meaningless”. According to Samczsun, the cross-program invocation (CPI) will transfer tokens from one account to the protocol’s account, only if the two accounts hold the same type of token. Otherwise, the transfer is rejected.

However, the security researcher pointed out that due to a missing “trusted root,” the mint field on the arrow account was never validated. He noted, “The attacker just created fake accounts all the way down and then chained it all the way back up until they finally made a fake crate_collateral_tokens account.”

At the time of writing, Cashio $CASH TVL stands at $579,701 on Defillama.

What is noteworthy is that dApp attacks have become common lately, as interest in the sector peaks. A day before this incident, DeFiance Capital founder Arthur_0x also reportedly lost more than $1.5 million in a hot wallet attack. However, when it comes to Solana, it has come under some criticism in the past months for its lax security. 

Solana security hole needs fixing asap?

Seems their consensus proceeds with only 33% of the nodes

Hard math proofs show you need 66%+ for safety. No ifs no buts

Possibilities: 1) is insecure, 2) is centralized, or 3) they’ve broken Computer Science (unlikely) pic.twitter.com/yqfW3QnfeK

— dom.icp ∞ (@dominic_w) February 3, 2022

Despite that, the Ethereum-killer has managed to grow by onboarding new decentralized applications. Just today, decentralized exchange (DEX) Orca announced its new concentrated liquidity offering, Whirlpools, on the Solana ecosystem.

What do you think about this subject? Write to us and tell us!

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.

Source: https://beincrypto.com/solana-fake-account-exploit-on-cashio-how-it-happened/

Tags: Account, Cash, Cashio, Day, Exploit, Fake, Happened, Heres, Solana

Post navigation

5 Reasons to Buy Tether Now
Starbucks Stock Has Gotten Crushed. This Analyst Says It’s Time to Buy.
Press Release

Advertise

Subscribe

Privacy Policy

Contact