Solana-based stablecoin Cashio falls prey to infinite mint glitch, CASH pummels to zero

NEW DELHI (CoinChapter.com) — Another day, another attack on a DeFi protocol.

Solana-based stablecoin project Cashio fell prey to an infinite mint exploit that saw the protocol lose roughly $28 million. However, samczsun, a research partner at Web3 investment firm Paradigm, believes the losses to be around $50 million.

Please do not mint any CASH. There is an infinite mint glitch.

We are investigating the issue and we believe we have found the root cause. Please withdraw your funds from pools. We will publish a postmortem ASAP.

— Cashio ($CASH) 💵 (@CashioApp) March 23, 2022

An infinite mint glitch allows users to mint an unlimited number of tokens without providing any collateral. Once the malicious element has minted the tokens, they can sell them on the market, driving the targeted token to the ground.

As a result of the exploit, Cashio’s flagship stablecoin CASH suffered a complete collapse. The protocol lost practically all of its value, with its TVL dropping from $29.03 million to reach $624,412. Its stablecoin, CASH, lost 99.975% of its value, falling from $1 to $0.000240 at the time of writing.

Also Read: SOL climbs over $100 as Solana strikes a deal with PUBG backer.

Cashio took to Twitter to warn users not to mint any CASH tokens, further adding that the Cashio team is investigating the issue. Moreover, the protocol also assured users that they had found the cause behind the issue and were working to resolve it.

In detail, USDT-USDC liquidity pool tokens back the Cashio Dollar (CASH), an algorithmic stablecoin. Users can provide liquidity using USDC or USDT to mint CASH tokens.

Cashio Not The First Victim Of The Infinite Mint Glitch

In Dec 2020, peer-to-peer insurance marketplace Cover Protocol fell prey to a similar exploit. Grap Finance, another DeFi protocol focused on NFTs, took responsibility for the attack.

Although Grap returned the $3 million (in ETH) they took, the price of Cover protocol’s namesake native token COVER fell by nearly 100%, going from $731.48 to $26.59 on Dec 28, 2020. Grap Finance claimed it was only highlighting the exploit.

Next time, take care of your own shit.@CoverProtocol @chefcoverage https://t.co/ks94ucdoRQ

1. No gains.
2. The Obtained Funds from LP has been returned to COVER.

— Grap.finance (@GrapFinance) December 28, 2020

Again, in June 2021, malicious elements attacked the stablecoin protocol SafeDollar, making away with $250,000 worth of stablecoins(USDC and USDT). As a result of the attack, the price of SafeDollar, a Polygon-based stablecoin, nosedived to zero.

Crypto-Related Hacks On The Rise

The cryptocurrency market suffered losses to the tune of $4.25 billion in 2021 alone, with the DeFi sector witnessing the biggest jump in thefts. For example, in Aug 2021, Poly Network lost $610 million to a hacker looking to prove a point, with the entire amount recovered over a week.

Also Read: Ethereum (ETH) bobbed at over $2.5K as hackers cleaned out 3M from Deus Finance.

On Tuesday this week, DeFiance Capital founder and crypto whale Arthur Cheong fell victim to a hot wallet attack, losing more than $1.5 million. Cheong took to Twitter to ask for blacklisting of the address.

ATTENTION ALL @AzukiZen it seems sadly @Arthur_0x wallet has been hacked please do not bid or buy any of these NFTs from this address!!! pic.twitter.com/SsdKt8otis

— StockEd NFT's (@robbyhammz) March 22, 2022

The hacker sold some of the stolen Azuki NFTs for cheap on OpenSea, a platform that lost nearly $1.8 million in a phishing attack in Feb this year.

Moreover, the DeFi protocols Agave and Hundred Finance had to pause operations after suffering a flash loan reentrancy attack. Attackers wiped off more than $11 million worth of wrapped ETH (wETH), wrapped Bitcoin (wBTC), Gnosis, and Wrapped XDAI.

Hacks on crypto platforms are a major hindrance to the mainstream adoption of cryptocurrencies, as they erode users’ belief in the sector’s security. Moreover, security issues might lead to a call for regulation of the crypto industry, eroding the sector’s founding principle of decentralization.