A decentralized finance (DeFi) protocol called Cashio fell victim to a hack on Monday. According to the data, the hacker managed to steal US$ 50 million from the protocol.
The Cashio network, which runs on the Solana blockchain, has seen its CASH token plummet in value. Quoted at $1 before the attack, it lost 93% and dropped below $0.01.
However, the most curious thing was the hacker’s attitude after the attack. Along with the transaction of theft of funds, he wrote a private note, according to data from the etherscan. In the note, the hacker set some conditions to return the stolen funds to the affected users.
Return of funds under conditions
To read the text with the private note, the user needs to have an Etherscan account and login. In the text, the hacker stated that he would return the funds individually to all aggrieved users. However, they would need to meet some conditions to receive the money:
- users would need declare the amount to be refunded;
- give evidence that they in fact possessed that declared value;
- provide an Ether (ETH) address, as refunds will be made in ETH and not in SOL;
- Users need to provide details about the source of their money and why they need a refund.
In addition to users, the hacker said he also intends to refund Cashio’s liquidity providers. According to the hacker, users who had less than $100,000 in their wallets have already been refunded.
Interestingly, the anonymous hacker claimed that the purpose of the attack was to take funds from large investors – who allegedly didn’t need the money – and not customers with smaller accounts. That is, he acted like a modern Robin Hood.
About the Cashio protocol attack
Although it took place on Monday, the problems with Cashio started last week. The protocol suffered a flaw in the token minting process, allowing them to be issued in an unlimited way.
The hacker discovered the flaw and exploited the protocol’s smart contract, managing to print an infinite amount of the token. Then he sold these tokens on the market, which brought the price down.
Despite the hacker’s benevolence, he is expected to make a full refund of the funds. Saber Labs, the exchange that backed the Cashio protocol, is offering a $1 million reward in USD Coin (USDC) stablecoin if all the money is returned.