Hacker Of Solana Based Cashio Will Return Part Of Stolen Funds

Bitcoinist發佈於 2022-03-29更新於 2022-03-29

文章摘要

The team behind Cashio, a Solana-based dApp that was hacked last week, published a postmortem report on the attack. In...

The team behind Cashio, a Solana-based dApp that was hacked last week, published a postmortem report on the attack. In one of the biggest hacks on this network, the bad actors managed to steal $50 million by exploiting a vulnerability on the dApp.
As Bitcoinist reported, to use Cashio, users need to mint CASH by making SABER deposits on the USDT-USDC pool. Saber operates as a cross-chain AMM for Solana-based stablecoins.
The bad actor apparently exploited a point of failure on Cashio’s account validation system. This security component was incomplete and enable the bad actor to create multiple accounts.
The report from Saber Labs records an increase in activity for the CASH pools. Thus, there was more capital locked on Cashio than usual, probably making it more attractive for the bad actors.
The team at Saber Labs claimed it took measures to prevent something similar from happening in the future. In particular, they will be more transparent with their code reviewing and auditing process.
Any product on the Saber ecosystem, they announced, will be reviewed to guarantee the safety of the funds. This measure will not apply to closed source protocol which, Saber Labs believes, “have the benefit of being much harder to hack”.
Saber Labs apologized for the attack on its users. They claimed to lack the funds to “payback depositors”, or to economically amend this “catastrophic” event to Saber users.
The team made the following announcement in an attempt to revert a situation that they believe could negatively impact its users:
If you are the hacker and are reading this, we hope you will consider returning the funds rather than donating them to charity: accounts with over $100k are often users’ life savings on leverage, and many of us will seriously be affected financially after this incident. We are willing to give $1M of USDC as a bounty if the funds are returned.
Solana dApp Hacker Pulls A Robinhood
This plead was apparently listened to and replied to for the benefit of Cashio users. According to a pseudonym user, the bad actors decided to return the funds to those with accounts that lost under $100,000 in CASH.
In order to get their funds back, users need to access the following link. This will lead them to an open-source platform created to receive refunds submissions.
The creator of this website published the Github link to the open-source code that supports the refund submission platform. Thus, anyone can verify its authenticity and should check for any potential vulnerabilities or malicious code.
The attacker or attacker left the following message on their actions:
The intention (with the Cashio hack) was only to take money from those who do not need it, not from those who do. Will be using the th gains to return more funds to those affected, even some accounts more than 100k. Will not return funds to accounts that already receive refund.
The attacker made several demands, including potential leaders for the organization backing the Solana dApp.
Thanks @wireless_anon for setting this up. We have deployed the same code at https://t.co/i4KtrqfB8E
We will send out a tutorial on how to use this and how to verify you entered everything correctly soon, as well as more information on how to submit the signatures to us after. https://t.co/RncwVBCmfE
— Cashio ($CASH) 💵 (@CashioApp) March 28, 2022
At the time of writing, Solana (SOL) trades at $112 with a 1% profit on the 4-hour chart.

Solana SOL SOLUSDT

SOL with moderate profits on the 4-hour chart. Source: SOLUSDT Tradingview

你可能也喜歡

上半年,VC们的钱一半投向了AI,光这30家公司就融了超1700亿元

2026年上半年,国内AI赛道融资呈现爆发式增长。IT桔子数据显示,上半年AI赛道股权融资事件达1203起,总金额突破3000亿元,已远超2025年全年。其中,仅6月份融资额就突破1000亿元,DeepSeek的510亿元首轮融资是重要推手。 融资地域高度集中,北京、杭州、上海、深圳四城贡献了超86%的融资规模。北京以955亿元位居第一,杭州因DeepSeek带动跃居第二。 从细分赛道看,大模型融资1598.53亿元,独占鳌头,拿走超半数资金。AI基础层(算力、芯片等)融资725.68亿元,AI+具身智能赛道融资906.44亿元,是项目最活跃的领域。AIGC应用赛道融资596.05亿元,商业化成熟度最高。 资本布局节奏清晰:早期项目(种子/天使轮)数量多但单笔金额小,重在“广撒网”;成长期(A/B轮)是核心战场,贡献了近半数融资额;成熟期项目数量少但单笔金额最大,是赛道“压舱石”。 早期投资聚焦“世界模型”等具身智能底层技术,大模型早期窗口已基本关闭。中后期融资集中于头部企业,TOP20公司融资金额占全赛道过半。其中,DeepSeek、阶跃星辰、Kimi构成“大模型三巨头”;七家人形机器人公司组成第二梯队;AIGC应用、自动驾驶及AI制药等领域也有企业获得大额融资。 展望下半年,全年AI融资额有望突破6000亿元,但节奏可能“前高后低”。大模型赛道将开启“淘汰赛”,资金向头部集中,纯通用大模型的创业窗口已经关闭。

marsbit38 分鐘前

上半年,VC们的钱一半投向了AI,光这30家公司就融了超1700亿元

marsbit38 分鐘前

交易

現貨
活动图片