Solana-based stablecoin mission Cashio crashes to zero after $28M exploit

Solana-based stablecoin mission Cashio crashes to zero after $28M exploit

  • Cashio was exploited by attackers by an infinite mint glitch which allowed them to mint CASH tokens infinitely with out depositing any collateral.
  • The value has crashed from $1 to $0.00005 as the event staff says that it’s wanting into the exploit and can situation a put up mortem quickly.

A stablecoin mission constructed on the Solana blockchain community has turn into the newest crypto mission to be exploited and lose thousands and thousands of {dollars}. Cashio was attacked at this time and misplaced $28 million to the attackers, with the worth of its native token crashing to zero.

Simply hours in the past, Cashio introduced on Twitter that it had suffered an infinite mint glitch and requested its customers to not mint any extra CASH, its native token. The builders behind the mission claimed to be investigating the difficulty and even mentioned that they had discovered the basis trigger (though they’ve but to make the small print public).

“Please withdraw your funds from swimming pools,” Cashio urged its customers.

An infinite mint glitch is when an attacker exploits a crypto mission and is ready to regularly mint new tokens with out putting the required collateral. On Cashio, customers have to position the collateral in liquidity pool (LP) tokens issued by Saber, a decentralized alternate constructed on Solana, sort of just like the ecosystem’s Uniswap. One will get the LP tokens from Saber after locking USDT and/or USDC tokens.

Having exploited the infinite mint glitch, the attackers have been in a position to mint about 2 billion CASH tokens with out putting any collateral, blockchain knowledge shows. Knowledge from DeFiLlama additional exhibits that the full worth locked on Cashio dropped by $28 million after the exploit, giving a tough estimation of the worth of the exploit. TVL on the protocol presently stands at a mere $580,000.


The value of the native CASH stablecoin token took an enormous blow following the assault. In accordance with knowledge by CoinGecko, the worth dropped by one hundred pc from $1 to $0.00005.

Samczsun, a analysis accomplice at crypto funding agency Paradigm shed extra mild on the assault on Twitter, describing it as “one other Solana pretend account exploit.”

In accordance with him, the protocol failed from the start in its construction by failing to have a root of belief for all of the accounts it used. This allowed the attacker to forge a sequence of pretend accounts and exploit the protocol for thousands and thousands of {dollars}.

He said:

Which means in the end, all of this validation is meaningless as a result of there’s no trusted root. The attacker simply created pretend accounts all the best way down after which chained all of it the best way again up till they lastly made a pretend crate_collateral_tokens account.

Leave a Reply

Your email address will not be published.