Share this article

Solana stablecoin protocol cashio has suffered an exploit leading to a complete collapse of its flagship stablecoin, CASH.

cashio Hacked for Millions

cashio, a stablecoin protocol on Solana, has suffered a major exploited.

The cashio team announced the incident on Twitter early Wednesday. “Please do not mint any CASH,” the team wrote. “There is an infinite glitch.” It also said it was investigating the issue and had found the likely root cause.

cashio is a Solana-based DeFi application that lets users mint CASH stablecoins. On cashio, all deposits are backed by interest-bearing liquidity provider tokens. For example, someone can provide liquidity with USDT and USDC to mint CASH. In this incident, the hacker found a vulnerability that allowed them to mint an infinite supply CASH without having the sufficient backing.

According to data from Solscan, the attacker minted two billion CASH stablecoins and then swapped them for other paired assets (mostly other stablecoins) via the decentralized exchange Saber. Per Defi Llama data, the hacker drained about $28 million worth of liquidity from the exchange. Saber posted an update announcing that it had paused its CASH liquidity pools following the incident. 

As a result of the exploit, CASH, whose value is supposed to be pegged to the U.S. dollar, has completely collapsed.

CASH/USD chart (Source: CoinGecko)

While the precise extent of the damage from the attack is still officially unknown, the renowned crypto security researcher known as samczsun on Twitter said that the losses amounted to about $50 million based on their “quick skim,” of the on-chain data.

This story is still developing and this article will be edited to include further details.

Disclosure: At the time of writing, the author of this piece owned ETH and several other cryptocurrencies.

Share this article