The Hood of Cashio

Hacker promises to return part of stolen funds

Aberdeen S. Mar. 29, 2022

The plot keeps getting thicker when it comes to the Cashio app situation. Recently we reported on the 2nd largest hack and theft of assets on the Solana blockchain to date. This hack, caused by an infinite mint glitch, saw the company lose $52 million on the dApp. After a small announcement, the teams at Cashio and Saber both appeared to go dark. This left a bad taste in the mouths of many, with a lot of users citing the possibility of inside work and other shady happenings. Saber stated at the time that they could not help anyone with the situation despite heavily promoting Cashio, and the Saber VC distanced themselves as well.

Saber had written a short post mortem on the situation, but at the time of this article that post mortem has been deleted. It was all a big mess, with some in the community trying to appeal to the better nature of the hackers, and it seems that was what paid off.

So… What happened again?

As stated earlier, to get CASH, users had to make deposits of USDT-USDC on Saber, as Saber manages a cross-chain AMM for Solana-based stablecoins. The hacker exploited a weak point in Cashio's account validation system: because the security component was not fully defined, the hackers were able to create as many accounts as they wanted and mint as many of the token as they wanted.

The team at Saber Labs has promised to be more transparent with their code reviewing in the future and has taken steps to avoid this happening again, further promising that any product on Saber will be reviewed to guarantee the safety of the funds in the ecosystem. This is all well and good, but some see it as too little, too late. They state this new measure will not apply to closed-source protocols, which are harder to hack anyway. Speaking of refunds, Saber claimed to be unable to financially back a refund to the users. Instead, the team made a plea to the hacker in an attempt to get the funds returned:

If you are the hacker and are reading this, we hope you will consider returning the funds rather than donating them to charity: accounts with over $100K are often users’ life savings on leverage, and many of us will seriously be affected financially after this incident. We are willing to give $1M USDC as a bounty if the funds are returned.

Dark Robin Hood

The plea seems to have worked, in a way. Instead of returning all $52 million, the hacker has agreed to return the money to those accounts that lost under $100,000 but not to those that lost over that amount. A link was offered where users could access an open-source platform to apply for the refund.

The hacker then left a message on the platform giving the details of their actions.

The intention was only to take money from those who do not need it, not from those who do. Will be using the gains to return more funds to those affected even some accounts more than 100K. Will not return funds to accounts that already receive refund.

The hackers seem to be a sort of Robin Hood, with the intention of taking from the wealthy and spreading it to the poor or underprivileged, or perhaps just themselves.

Stay tuned for more here on Solanews.

Remember, nothing we write about is meant to be taken as financial advice. The articles, videos, and content are all meant as information only. Do your due diligence and keep your own finances in mind when making trades, purchases, or investments. Solanews does not take responsibility for any of your gains or losses.
