Solana-based decentralized app Cashio App recently suffered a hacking incident that has cost the platform a loss of nearly $50 million in cryptocurrency. The hacking incident was a result of an exploit that was initially noticed by blockchain experts on other Solana-based applications.
How The Platform Was Exploited
Paradigm’s samczsun described the exploit that resulted in the hacking incident. The researchers stated that the users deposit a particular amount of collateral that falls within the cross-margin invocation for minting new CASH tokens. The program verifies whether two accounts share the same type of tokens on their balance. If the program finds out the same tokens on both accounts, the transfer is automatically declined.
Samczsun also explained the right asset validation method on the sender’s account. However, the functions of minting the new tokens were not validated. This rendered all the steps described above pointless because the main function isn’t validated by the program.
When the threat actor discovered the problem in the contract code, they created a chain of bogus accounts before setting up a fake account. Samczsun explained that Cashio’s code had a flaw, which didn’t establish a root of trust for all the user accounts. This allowed the hackers to steal the funds from the platform.
DeFi Platforms Are Increasingly Targeted By Hackers
Decentralized finance (DeFi) platforms have seen a fair share of attacks this year. Projects like UmbNetwork and OneRing were targeted by threat actors that stole funds, with an estimated loss of about $1.8 million. As a result, PeckShield blockchain security firm and other security firms have called on these DeFi protocols to stay more cautious. The security firms pointed out that exploitation in a vulnerable code is proven to be the most common reason for a series of attacks on DeFi platforms.
When the smart contracts of a project have flawed code, just like the one in Cashio App, it allows attackers to launch the offensive mechanisms on the affected platform.
Your capital is at risk.
Read more:
