Solana-based CASH stablecoin loses all value after hack
- Hacker manipulated Cashio’s smart contracts, minted endless supply of CASH
- The criminal exchanged the newly minted tokens for stablecoins on Cashio’s liquidity pools
Cashio (CASH), a Solana-based stablecoin protocol, was exploited in an “infinite glitch” attack, it emerged today, March 23, CoinDesk reported.
After the attack, the Cashio CASH token almost lost all of its value.
Minting an infinite supply of CASH
Today’s incident made it possible for the hacker to manipulate Cashio’s smart contracts and mint an endless supply of CASH, but with no liquidity in return. They minted more than 2 billion CASH according to blockchain data. None of the newly minted tokens had USDC or USDT backing.
Cashio TVL dropped by $28M
The criminal exchanged the newly minted tokens for stablecoins on Cashio’s liquidity pools. The platform’s TVL (total value locked) dropped by $28 million after the attack according to data from tracking tool DeFi Llama.
The Cashio team tweeted soon after the attack:
Please do not mint any CASH. There is an infinite mint glitch. We are investigating the issue and we believe we have found the root cause. Please withdraw your funds from pools.
What is CASH?
CASH is a stablecoin backed by Tether and USD Coin through a liquidity pool on Solana-based market maker Saber. It is in a currency peg with the U.S .dollar. You can mint CASH by providing liquidity with the above stablecoins.
Not a first
CASH isn’t the first stablecoin to fall victim to this kind of exploit. Stablecoins based on other protocols have suffered similar attacks in the past. In June last year, Polygon-based Safedollar lost all of its value after such an exploit. The hacker siphoned off Tether and USD Coin at the time.