Skip to content
  • Tuesday, November 5, 2024
  • Press Release
  • Advertise
  • Subscribe
  • Contact
  • Donate
BitcoinEthereumNews.com

BitcoinEthereumNews.com

Live Updated Worldwide News Related To Bitcoin, Ethereum, Crypto, Blockchain, Technology, Economy. Updated Every Minute. Available In All Languages.

Banner Add
  • Home
  • Market Cap
  • Top Gains
  • Top Losses
  • All News
  • Bitcoin
  • Ethereum
  • Crypto
  • Finance
  • Tech
  • NFT
  • Blockchain
  • Home
  • Tech
  • Solana-Based App Lost $50 Million Due to Fake Account Exploit, Here’s How

Tech

Solana-Based App Lost $50 Million Due to Fake Account Exploit, Here’s How

03/23/2022
Bitcoin Ethereum News

article image

Arman Shirinyan

CashioApp loses $50 million because of flawed contract code

Contents

  • Fake account exploit
  • DeFi projects under attack

Solana-based decentralized app CashioApp has lost approximately $50 million in cryptocurrency because of an exploit that was previously noticed by blockchain experts on other Solana-based applications, as Paradigm’s samczsun reports.

The researcher described in detail the method that allowed hackers to gain access to users.

Fake account exploit

For minting new CASH tokens, users deposit a certain amount of collateral that falls under the cross-program invocation that transfers tokens from the account to the protocol. The program also checks if two accounts have the same type of token on their balance; otherwise, the transfer gets rejected.

Samczsun showed his followers the exact way to validate assets that remain on the sender account. The “crate_collateral_tokens” function compares two accounts that should hold the same type of token.

Another day, another Solana fake account exploit. This time, @CashioApp lost around $50M (based on a quick skim). How did this happen? pic.twitter.com/t7ThWL4zr1

— samczsun (@samczsun) March 23, 2022

But unfortunately, the functions of minting new tokens were never validated, which makes all steps described above meaningless since the primary function is not being validated by the process mentioned above.

After the hacker noticed the issue in the contract code, he or she started creating a chain of fake accounts before finally making a fake account, crate_collateral_tokens. In a nutshell, because of a flaw in Cashio’s code that did not establish a root of trust for all accounts used, the attacker was able to steal at least $50 million.

DeFi projects under attack

Recently, PeckShield blockchain security firm shared a number of warnings to protect owners and users based on Binance Smart Chain. Projects like OneRing and UmbNetwork were targeted by hackers that stole millions worth of assets from their balances. The estimated loss is approximately $1.8 million.

The most common reason behind almost every exploit is a flawed code in the smart contracts of the projects, including SafeMath issues.

Source: https://u.today/solana-based-app-lost-50-million-due-to-fake-account-exploit-heres-how

Tags: Account, App, Due, Exploit, Fake, Heres, lost, Million, Solanabased

Post navigation

Do I need to file a tax return if most of my income is Social Security?
U.S. Declares Russia Has Committed War Crimes In Ukraine
Press Release

Advertise

Subscribe

Privacy Policy

Contact