Cashio’s USD-pegged stablecoin CHASH has dropped from $1 to $0.00005, after an “infinite mingle” allowed attackers to mint tokens with no collateral.
Cashio developer 0xGhostChain took the Twitter to warn people not to “mint any CASH.” He also stated that the team was “investigating the issue and believe that we have identified the root cause.” Please withdraw any funds from the pools. We will publish a postmortem as soon as possible.”
According to DeFiLlama approximately $28 million worth of cashio’s protocol was drained by the exploit. However, Samczsun (a research partner at web3 investment firm Paradigm) shared a grimmer picture via Twitter today.
The researcher wrote, “Another day. Another Solana fake accounts exploit. Cashio App lost approximately $50M this time (based on a quick scan). What is the secret to this?
Another day, another Solana fake account exploit. This time, @CashioApp lost around $50M (based on a quick skim). How did this happen? pic.twitter.com/t7ThWL4zr1
— samczsun (@samczsun) March 23, 2022
Cashio hack is not without precedent
This isn’t the first time that a DeFi protocol was stolen for millions of dollars through an “infinite min” glitch.
DeFi developers used a related exploit on DeFi’s insurance project Cover in December 2020. They minted fake tokens for liquidity to Balancer.
The attackers then exchanged the staked tokens for COVER tokens. These tokens were then traded on multiple exchanges.
The attack caused $3 million in total damage. A note was attached to the transaction saying, “Next time, take care your own shit.”
Next time, take care of your own shit.@CoverProtocol @chefcoverage https://t.co/ks94ucdoRQ
— Grap.finance (@GrapFinance) December 28, 2020
1. No gains.
2. The Obtained Funds from LP has been returned to COVER.
Attackers ran the price SafeDollar’s eponymous dollar pegged stablecoin down to zero last summer after looting approximately $250,000 worth stablecoins from the platform’s liquidity pools. They then fenced the stolen coins using PolyDex.
