Solana blockchain-based stable coin project Cashio suffered an exploitation attack due to the ‘infinite mint glitch’, losing nearly $52.8 million worth of assets from the project, plummeting its stabelcoin’s price to nearly Zero.
Cashio creator 0xGhostChain warned people on Twitter “not to mint any CASH,” and added that the team “are investigating the issue and we believe we have found the root cause. Please withdraw your funds from pools. We will publish a postmortem ASAP.”
The team stated that the hacker exploited an “infinite mint glitch” to execute an attack. Some speculations say that the attacker was earlier active under the pseudonym ‘Ariusuha’ to execute multiple rug pulls in the NFT space.
However, some experts have condemned the project for this attack by raising bitter questions. A researcher wrote “Another day, another Solana fake account exploit. This time, Cashio App lost around $50M (based on a quick skim). How did this happen?”
On Cashio, users can mint $CASH with collateral of USDC and USDT. Cash is pegged by US dollar and backed by USDT-USDC via a liquidity pool on Saber platform. Saber is the decentralized exchange on Solana, where users can get LP tokens in return for their deposit.
The hacker was able to mint an infinite supply of CASH tokens without having sufficient collateral. Hacker minted over 2 billion CASH, without any USDC or USDT backing. The hacking news caused a heavy fall in the tokens that fell from $1 to $0.00005.
With growing numbers in crypto projects, cyberattacks on DApps and protocol have become more severe. Recently, Polygon’s Stablecoin Protocol QiDAO Suffered exploit worth $13Million.