$52 800 000 USD

MARCH 2022

GLOBAL

CASH.IO APP

DESCRIPTION OF EVENTS

"cashio is a Solana-native stablecoin made for the people, by the people." "all cashio dollar deposits are fully backed by interest-bearing stable pair LP tokens."

 

"Cashio is a decentralized stablecoin fully backed by interest-bearing Saber USD liquidity provider tokens. Cashio specifically chooses USD LPs that are backed by safer USD assets, attempting to capture the risk-free rate of the Solana stablecoin ecosystem."

 

"Using Arrow Protocol, Cashio stakes LP tokens into Sunny Aggregator, earning $SBR and $SUNNY tokens to the Cashio DAO. Cashio also uses Crate Protocol to build its USD-pegged stablecoin, which can be thought of as a basket of stablecoin LPs."

 

"Currently, protocol profits accrue to a program-owned account known as the Bank. We intend to create a mechanism to have these cash flows accrue value to users of the Cashio Protocol. More information on this will be available soon."

 

"In March 2022, the Solana-based Cashio stable coin CASH was the victim of a hack exploiting an “infinite mint” vulnerability. The value of the CASH token plunged to $0.00005 after the attacker stole over $52 million in tokens from the protocol."

 

"Another day, another Solana fake account exploit. This time, @CashioApp lost around $50M (based on a quick skim). How did this happen?"

 

"[B]ecause Cashio didn't establish a root of trust for all of the accounts it used, an attacker was able to steal approximately $50M by forging a chain of fake accounts."

 

"In order to mint new CASH, you need to deposit some collateral. This cross-program invocation (CPI) will transfer tokens from your account to the protocol's account, but only if the two accounts hold the same type of token. Otherwise, the token program will reject the transfer."

 

"Here, the protocol validates that the crate_collateral_tokens account hold the right type of token by comparing it with the collateral account. It also verifies the collateral account shares the same token type as the saber_swap.arrow account."

 

"Unfortunately, the mint field on the arrow account is never validated." "This means that ultimately, all of this validation is meaningless because there's no trusted root. The attacker just created fake accounts all the way down and then chained it all the way back up until they finally made a fake crate_collateral_tokens account."

 

"The attacker forged accounts to bypass the validation on common.crate_collateral_tokens, but what about depositor_source?" "Well, the depositor_source has to use the same token as common.collateral." "But common.collateral contains two fields: collateral and bank, and the attacker can't set the collateral unless they're the owner of the bank." "Fortunately, the attacker can just create a new bank, one in which they're the curator. They'll need to use a new crate_mint since the total supply of the token must be zero."

 

"Now that the attacker has essentially created a parallel universe, they can go back and deposit their worthless collateral. Critically, they can instruct the program to mint the original CASH token because there was no check that the bank's token matched the one being minted."

 

"While anchoring to a root of trust is important, the real lesson learned here is how all the authentication in the world is meaningless if you miss a single load-bearing check."

 

"Please do not mint any CASH. There is an infinite mint glitch. We are investigating the issue and we believe we have found the root cause. Please withdraw your funds from pools. We will publish a postmortem ASAP."

 

"Interestingly, the anonymous hacker stated that the purpose of the attack was to take funds from big wallet holders who did not need the money and not customers with smaller accounts."

 

"The Cashio hacker has set forth conditions for returning funds stolen from the decentralized platform. Data from Etherscan shows someone in control of the wallet linked to the exploit detailing how restitution could happen for people affected by the attack."

 

"The hacker gave six conditions, part of which asked affected users to state the amount to be refunded, provide their ETH address as refunds will be done in Ether. They also required users to give details about the source of their money and why they needed a refund."

 

"Furthermore, the perpetrator promised to refund affected liquidity providers if they can show proof of the initial amount they had. Meanwhile, the Cashio attacker said they had already refunded accounts with less than $100,000 in their wallets."

 

"[H]ave already refunded accounts under 100k which held CASH direrctly and saber cash/usdc LP and saber cash/ust LP."

 

"[T]he inntention was only to take money from those who do not need it, not from those who do. [W]ill be using the eth gains to return more funds to those affected, even some accounts more than 100k. will not return funds to accounts that already receive refund."

 

"[I]nstructions: we want jimthereaper#6550 and The Saint Eclectic#1238 to leads the organization. they have shown to be leaders. [F]or each person affected the following exact information is required for us to consider return of funds."

 

"1. eth address to send the returned funds to. all returns will be done in eth. 2. the original solana wallet that held the cash or cash lp pair. even cash lp pairs that we did not take (like PAI/CASH or aeMIM/CASH) will be return since it is our fault they lost money to arbitage bots. 3. if the lp is held by other owner (like sunny or quarry) then a transaction proving that you own the lp and the account that you own is needed. this message will have to be signed by the account that you own instead of account that directly owns the lp (since that will be sunny or quarry). 4. if already sell or buy lp or cash, show transaction from before the hack to prove how much you had. 5. the amount of money to be return. 6. an explanation of the source of this money and why you need it back. more detail is better. money will not be refund to rich american and european that don't need it."

 

"[A]ll this information MUST be signed by either the original account owner of cash or lp or the account that staked the money into sunny or quarry. [B]ad sign or incomplete information will result in no return. [W]e will choose who gets a return. [M]ight get all back or some back or none back. [P]ut all the request together in one file, returns will start next week manually. [W]ill take some time."

 

"[A]lso godoflight and all other are scammer. [O]nly trust message signed by account."

 

"We are working nonstop to make sure every refund submission gets verified in a transparent, efficient manner. Developing this takes some time. Regardless, we want to urge everyone impacted to head over to our discord and get help filling out a refund form. There is help."

 

"[Y]ou can now go [and] search your wallet address." "For all CASH related token accounts it will show you [p]re hack token balance [and] [l]ast transaction to account. We will use this tool to verify submissions."

 

"Again- we know it might be a pain to have to go through and find the old LP transactions to prove your ownership- create the signature- then submit the form- but we are trying to make it as simple to get your money back while ensuring that you truly did lose the funds."

 

"[A]n argument is breaking out on social media about whether the returned funds, which is a comparatively small amount of the total amount stolen, should be split among all the victims or given to the individuals with less than $100,000 at stake, as the scammer intended."

 

"What was more interesting in Bybit’s findings was a hidden message embedded by the hacker in a particular transaction that has made the DeFi community rename the hacker as modern-day “Robin Hood.” The hacker wrote in a transaction[.]"

 

“Account with less than 100K have been returned. All other money will be donated to charity.”

The cash.io app is a blockchain stablecoin on the Solana blockchain. Due to a missing validation in the smart contract, a smart hacker was able to drain $52.8m worth of funds from the smart contract. The attacker made the decision that they would return the funds of all accounts that lost less than $100k, and sent those funds back to be distributed. It is assumed that these will be distributed as intended by the attacker, but that hasn't been finalized yet.

HOW COULD THIS HAVE BEEN PREVENTED?

Smart contracts function as effective hot wallets, and while audits can greatly reduce the risks, even smart contracts with multiple audits can still be vulnerable. By limiting the funds in the hot portion of a smart contract to what is necessary for expected liquidity, and holding the rest in a simple multi-signature structure by known trained participants storing keys offline, smart contracts can be developed which have significantly less funds at risk of theft. The hot balance can be further protected through a simple insurance fund which can be set up by the project, a third party smart contract, or a collective industry fund.

 

Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.