Stablecoin Cashio on Solana exploited for $52.8 million in 'infinite mint glitch'

Quick Take

  • Cashio Dollar is an algorithmic stablecoin backed by USDT-USDC LP tokens.
  • It fell foul to an “infinite mint glitch,” according to its team.
advertisement

A stablecoin on the Solana blockchain has been exploited for around $52.8 million and lost practically all of its value.

Cashio Dollar (CASH) is an algorithmic stablecoin that was launched by a developer called 0xGhostChain in November 2021. Anyone can mint tokens by depositing liquidity tokens for the two stablecoins UDST and USDC from the Saber platform. They can redeem the stablecoin for the underlying liquidity tokens.

The exploit happened shortly after 9:00 AM UTC. According to data tracking site DeFi Llama, the total value locked within the protocol fell from $28.87 million to $569,000. At the same time, the price of the stablecoin dropped from $1 to practically zero, per data tracking site CoinGecko.

Cashio's total value locked fell by $28 million today. Image: DeFi Llama.

"Please do not mint any CASH. There is an infinite mint glitch. We are investigating the issue and we believe we have found the root cause. Please withdraw your funds from pools. We will publish a postmortem ASAP," tweeted 0xGhostChain today.

An infinite mint glitch is where a protocol is mistakenly designed in such a way that allows a user to mint as many tokens as they would like, typically without providing any collateral that might otherwise be needed. Once someone can mint infinite tokens, they can sell them on the market, crushing a token's price.

According to a report by crypto exchange Bybit, the hacker made off with $52.8 million in two ways. After minting 2 billion CASH tokens through the "infinite mint glitch," they redeemed some of these CASH tokens for the underlying collateral, which was sold for $27.2 million. They then sold a large amount of the remaining tokens on a decentralized exchange for $25.6 million.

On the flip side, they appear to be returning a sizeable amount of the funds. As crypto trader Ceteris noted on Twitter, they have been returning some of the funds to liquidity providers. A message on the blockchain sent from the hacker's address said, "Account with less than 100k have been returned. all other money will be donated to charity." But this may only be for some of the pools.

This story has been updated with further details, including a report from Bybit, which provides more clarity on the amounts stolen.


© 2022 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

Trending Stories

Get Your Crypto
Daily Brief

Delivered daily, straight to your inbox.

The TRON Ecosystem Thrives Amidst Market Chaos

TRON DAO has announced the launch of a $10 million incentive fund in light of recent events to support Terra developers migrating to the TRON ecosystem, including TRON’s EVM compatible cross-chain solution BitTorrent Chain (BTTC), which helps facilitate the seamless transfer of assets across mainstream public chains, including TRON, Ethereum, and BNB Chain. 
Read Full Story
Sponsored Post

Layer-2 Scaling Solutions: A Framework for Comparison - Commissioned by Polygon

Ethereum had a breakout year in 2021. It’s native asset, ETH’s, market capitalization surpassed $500 billion for the first time. Its network facilitated upwards of $7 trillion value transfer. Non-fungible tokens (NFTs) emerged as another “killer application” that have put its technology on the global stage and caught the attention of the masses.
Read Full Story
May 5, 2022, 3:17PM UTC