Cypher Protocol Exploited, Will the Hacker Return the Funds? Details

Cypher Protocol, a Solana-based futures DEX, has been forced to pause its smart contract in the wake of an exploit that resulted in a loss of more than $1 million.

The Why

Late last night, Cypher’s devs announced that they had suffered a “security incident”, resulting in the need to pause their smart contract until a post-mortem was carried out. An appeal to the hacker was also made, promising a discussion on the next steps should the bad actor care to reply.

The exchange’s mission, which is proudly stated in Cypher Protocol’s Twitter bio, was also cause for mirth.

However, the irony doesn’t stop there. It turns out that the hack occurred during mtnDAO, a hackathon co-hosted by Cypher Protocol and Marginfi, another Solana-based project.

It appears we have a winner – although not by popular vote.

The exploit drained over 38k SOL tokens and more than 123k USDC, adding up to a total of $1,035,203 in ill-begotten gains.

In a rather perplexing move for the hacker, Binance and KuCoin were chosen for cashing out. By choosing big exchanges with robust cybersecurity teams instead of the well-known crypto mixer route, the hacker runs a much bigger risk of being caught. However, it’s also possible that the exploit was carried out as an impromptu addition to the hackathon. If the funds are meant to be returned, anonymity may not matter to the exploiter as much.

Alternatively, the attack may have been carried out by someone in a country who does not cooperate with Western law enforcement, in which case ease of access to liquidity provided by big CEXs may be the only thing that matters.

Reaching Out Via NFTs.

Since the attack, users have been reaching out to the hacker by sending NFTs with brisk messages to the address involved.

Some of these messages are simple appeals to morality.

“Seriously though, you used Binance and KuCoin to fund and to try and get 30k out. People will find you. Please do the right thing and give the rest back.”

However, other users opted for a terser “Give it back, you sh*tlord”.

Although the size of the exploit is dwarfed by previous attacks on the Solana network, a hack of this size can be a sink-or-swim deal for smaller projects like Cypher Protocol. It remains to be seen what the devs uncover about the attack and if a recovery is possible.

Source link

About The Author