Hacker Of Solana Based Cashio Will Return Part Of Stolen Funds

Bitcoinist發佈於 2022-03-29更新於 2022-03-29

文章摘要

The team behind Cashio, a Solana-based dApp that was hacked last week, published a postmortem report on the attack. In...

The team behind Cashio, a Solana-based dApp that was hacked last week, published a postmortem report on the attack. In one of the biggest hacks on this network, the bad actors managed to steal $50 million by exploiting a vulnerability on the dApp.
As Bitcoinist reported, to use Cashio, users need to mint CASH by making SABER deposits on the USDT-USDC pool. Saber operates as a cross-chain AMM for Solana-based stablecoins.
The bad actor apparently exploited a point of failure on Cashio’s account validation system. This security component was incomplete and enable the bad actor to create multiple accounts.
The report from Saber Labs records an increase in activity for the CASH pools. Thus, there was more capital locked on Cashio than usual, probably making it more attractive for the bad actors.
The team at Saber Labs claimed it took measures to prevent something similar from happening in the future. In particular, they will be more transparent with their code reviewing and auditing process.
Any product on the Saber ecosystem, they announced, will be reviewed to guarantee the safety of the funds. This measure will not apply to closed source protocol which, Saber Labs believes, “have the benefit of being much harder to hack”.
Saber Labs apologized for the attack on its users. They claimed to lack the funds to “payback depositors”, or to economically amend this “catastrophic” event to Saber users.
The team made the following announcement in an attempt to revert a situation that they believe could negatively impact its users:
If you are the hacker and are reading this, we hope you will consider returning the funds rather than donating them to charity: accounts with over $100k are often users’ life savings on leverage, and many of us will seriously be affected financially after this incident. We are willing to give $1M of USDC as a bounty if the funds are returned.
Solana dApp Hacker Pulls A Robinhood
This plead was apparently listened to and replied to for the benefit of Cashio users. According to a pseudonym user, the bad actors decided to return the funds to those with accounts that lost under $100,000 in CASH.
In order to get their funds back, users need to access the following link. This will lead them to an open-source platform created to receive refunds submissions.
The creator of this website published the Github link to the open-source code that supports the refund submission platform. Thus, anyone can verify its authenticity and should check for any potential vulnerabilities or malicious code.
The attacker or attacker left the following message on their actions:
The intention (with the Cashio hack) was only to take money from those who do not need it, not from those who do. Will be using the th gains to return more funds to those affected, even some accounts more than 100k. Will not return funds to accounts that already receive refund.
The attacker made several demands, including potential leaders for the organization backing the Solana dApp.
Thanks @wireless_anon for setting this up. We have deployed the same code at https://t.co/i4KtrqfB8E
We will send out a tutorial on how to use this and how to verify you entered everything correctly soon, as well as more information on how to submit the signatures to us after. https://t.co/RncwVBCmfE
— Cashio ($CASH) 💵 (@CashioApp) March 28, 2022
At the time of writing, Solana (SOL) trades at $112 with a 1% profit on the 4-hour chart.

Solana SOL SOLUSDT

SOL with moderate profits on the 4-hour chart. Source: SOLUSDT Tradingview

你可能也喜歡

我们离加密熊市结束还有多远?

自5月19日至7月3日,Coinbase比特币溢价指数已连续46天处于负值,创下最长记录。比特币和以太坊价格一度跌破关键点位,市场熊市氛围浓厚。 5月底,加密货币概念股龙头MicroStrategy时隔三年再次卖出比特币,虽规模仅32枚,但引发市场恐慌,成为加剧下跌的导火索。6月初,比特币创下自2022年以来最差单周表现,跌破被视为关键支撑的200周移动均线,被市场分析师视为进入熊市的重要信号。 尽管多家机构曾预测熊市接近尾声,但比特币的持续下跌打破了这些乐观预期。MicroStrategy发行的优先股STRC价格大幅脱锚并创历史新低,虽后续因公司回购计划等暂时回升,但市场信心仍受挫。同时,比特币和以太坊长期持有者的亏损面持续扩大,比特币亏损UTXO数量创历史新高,以太坊巨鲸也陷入多年未见的亏损状态。 对于熊市何时结束,市场观点不一。易理华认为7-8月可能是最后的抄底时机;江卓尔则预测底部可能在10-12月出现,价格区间为4.2万至4.4万美元。技术指标方面,比特币价格已持续位于200周移动平均线之下,四年来平均价格指数也一度跌破1,这些都被视为可能触底的信号。 综合来看,在没有重大利好的情况下,当前熊市可能至少还将持续2-3个月,今年9月下旬至10月上旬将是判断市场能否反弹的关键窗口期。

Odaily星球日报57 分鐘前

我们离加密熊市结束还有多远?

Odaily星球日报57 分鐘前

交易

現貨
活动图片