The Solana-based decentralized app Cashio App recently suffered a hacking incident that cost the platform nearly $50 million in cryptocurrency. The incident was the result of an exploit that blockchain experts had initially spotted on other Solana-based applications.
How the Platform Was Abused
Paradigm’s samczsun described the exploit that resulted in the hacking incident. The researcher stated that users deposit a certain amount of collateral, which falls within the cross-border call for minting new CASH tokens. The program verifies whether two accounts hold the same type of tokens on their balance. If the program discovers the same tokens on both accounts, it automatically rejects the transfer.
Samczsun also explained the correct asset validation method for the sender’s account. However, the minting functions of the new tokens were not validated. This made all the steps described above pointless, as the main function is not validated by the program.
When the threat actor discovered the problem in the contract code, they created a series of fake accounts before setting up a fake account. Samczsun explained that Cashio’s code had a flaw: it failed to establish a trust foundation for all user accounts. This allowed the hackers to steal the funds from the platform.
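The missing trust foundation described above can be shown with a simplified model. This is an added example, not Cashio's or Solana's code; the account names, the `vouched_by` field and the `TRUSTED_ROOT` address are hypothetical. It compares a validator that only checks that each account links to another with one that also requires the chain to end at an address the program trusts.

```rust
use std::collections::HashMap;

// Simplified model of account validation; not Solana or Cashio code.
// Every name and address below is hypothetical.
struct Account {
    vouched_by: Option<&'static str>, // account that this one claims backs it
}

type Ledger = HashMap<&'static str, Account>;

// The single address the program trusts unconditionally (constructed value).
const TRUSTED_ROOT: &str = "protocol_mint";
const MAX_HOPS: usize = 8; // bounds the walk so a cyclic chain cannot loop forever

// Follows the chain from `start` and returns the address where it ends,
// or None if a link points at a missing account or the chain is too long.
fn chain_end(ledger: &Ledger, start: &'static str) -> Option<&'static str> {
    let mut cur = start;
    for _ in 0..MAX_HOPS {
        match ledger.get(cur)?.vouched_by {
            Some(next) => cur = next,
            None => return Some(cur),
        }
    }
    None
}

// Flawed: accepts any chain whose links are internally consistent.
fn validate_links_only(ledger: &Ledger, start: &'static str) -> bool {
    chain_end(ledger, start).is_some()
}

// Hardened: the chain must also terminate at the trusted root.
fn validate_with_root(ledger: &Ledger, start: &'static str) -> bool {
    chain_end(ledger, start) == Some(TRUSTED_ROOT)
}

// Constructed sample: one genuine chain and one chain built from fake accounts.
fn sample_ledger() -> Ledger {
    let mut l = Ledger::new();
    l.insert("protocol_mint", Account { vouched_by: None });
    l.insert("real_bank", Account { vouched_by: Some("protocol_mint") });
    l.insert("real_collateral", Account { vouched_by: Some("real_bank") });
    l.insert("fake_mint", Account { vouched_by: None });
    l.insert("fake_bank", Account { vouched_by: Some("fake_mint") });
    l.insert("fake_collateral", Account { vouched_by: Some("fake_bank") });
    l
}
```

Both validators accept the genuine chain; only the hardened one rejects the chain of fake accounts, because its end is compared against a value the caller cannot supply.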
DeFi Platforms Are Increasingly Targeted by Hackers
Decentralized finance (DeFi) platforms have seen their fair share of attacks this year. Projects such as UmbNetwork and OneRing were targeted by threat actors who stole money, with an estimated loss of about $1.8 million. As a result, blockchain security firm PeckShield and other security firms have called on these DeFi protocols to be more cautious. The security firms pointed out that exploitable code vulnerabilities have proven to be the most common reason for a series of attacks on DeFi platforms.
When a project’s smart contracts contain flawed code, like the one in the Cashio app, attackers can launch attacks against the affected platform.