Solana-backed Stablecoin Cashio Loses $28M in Exploit

Key Insights:

• Solana-backed stablecoin CASH suffered an exploit.
• Cashio Dollar is an algorithmic stablecoin backed by USDT-USDC LP tokens.
• Hacker siphoned million using an ‘infinite mint glitch.’

DeFi exploits and hacks have become a recurring phenomenon in the crypto markets. Recently another exploit came to light after Solana’s stablecoin protocol Cashio lost millions in a hack bringing the TVL of the protocol down to the lowest.  

Another Exploit, Another Coin’s Value Lost

Cashio, a stablecoin on the Solana blockchain, was exploited for almost $28 million on March 23. The protocol has lost practically all of its value in the hack leading to a complete collapse of its flagship stablecoin, CASH.

The organization shared with its Twitter followers that the exploit was an ‘infinite mint glitch.’ Cashio also stated that they are currently investigating the issue and have not found the incident’s root cause. 

Please do not mint any CASH. There is an infinite mint glitch.

We are investigating the issue and we believe we have found the root cause. Please withdraw your funds from pools. We will publish a postmortem ASAP.

— Cashio ($CASH) 💵 (@CashioApp) March 23, 2022

Cashio Dollar (CASH) is an algorithmic stablecoin backed by USDT-USDC LP tokens. The token was launched by a developer called 0xGhostChain in November 2021. 

Deposits are backed on Cashio by interest-bearing liquidity provider tokens. Anyone can provide liquidity with USDT and USDC to mint CASH. The hack occurred because the hacker found a vulnerability that allowed them to mint an infinite supply of CASH without sufficient backing.

Saber, a platform that enables cross-chain liquidity exchange for stable pairs, posted an update announcing that it had paused its CASH liquidity pools following the incident. 

Data from DeFi Llama highlighted that the total value locked of the protocol fell from $28.87 million to $622,404. 

In an infinite mint glitch, a protocol is mistakenly designed to allow users to mint as many tokens as possible without providing any collateral. Once a hacker can mint unlimited tokens, they can sell them on the market, crushing the token’s price. 

Hacks on the Rise

This is not the first time a stablecoin based on another protocol has been hacked. Previously, Polygon-based Safedollar dropped to $0 after an exploit in June 2021, with both USDC and USDT being stolen by the hacker at the time.

Just yesterday, in a hot wallet attack, Arthur Cheong, DeFiance Capital founder, lost more than $1.5 million. 

Furthermore, another DeFi exploit came to light last week when an attacker siphoned over $11 million from Agave and Hundred Finance through a flash loan reentrancy attack. Seemingly, protocols getting hacked have been synonymous with crypto markets as crypto crimes have risen over the years.