Solana-based DEX Cypher Protocol Falls Victim To $1 Million Exploit

Updated: 08 August 2023

Disclosure

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

Join Our Telegram channel to stay up to date on breaking news coverage

On August 7, Cypher Protocol, a Solana-based decentralized futures exchange, faced a severe security breach, resulting in an estimated $1 million exploit. The platform has informed its users about the security breach via X (formerly Twitter), leading them to halt their active smart contract to prevent further losses immediately.

Cypher has has experienced an exploit/security incident. The smart contract has been frozen.

The team is currently working with individuals and investigating

To the hacker: We are writing to see whether you would be open to speaking with us about any potential next steps.

— cypher ©️ (@cypher_protocol) August 7, 2023

Cypher is one of the fastest-growing protocols on the Solana blockchain partly because its loyalty program that rewards depositors and traders with points many users expect is the setup for an airdrop.

According to data provided by Solana blockchain explorer Solscan, the attackers targeted vulnerabilities in Cypher’s smart contract to gain unauthorized access to user funds. The theft encompassed 38,530 Solana (SOL) tokens worth $900,000 at current rates and $123,184 worth of USD Coin (USDC).

Responding to the incident, the Cypher Protocol team has said that an internal investigation has been launched to determine the root cause of the exploit. Further, this investigation is crucial to identifying the flaws and understanding how the attacker breached the smart contract to bolster the platform’s defences and prevent future instances.

After the security breach incident, about 30,000 USDC from the alleged wallet reached Binance’s Solana USDC address “kiing.sol.” The action suggests an attempt to convert the illegal funds and hints at a potential plan to liquidate the ill-gotten gains. However, there is a thin line. The miscreant must still transfer Solana-based assets to the more extensive Ethereum network.

The event led to a flurry of reactions, notably in the form of NFTs directed at the alleged hacker. One such NFT message was quite direct, noting:

“Seriously though, you used Binance and KuCoin to fund and get 30K out. People will find you. Please do the right thing and give the rest back.”

Another NFT was more direct and concise, proclaiming, “Return it, you miscreant.”

Cypher Protocol Breach: Recovery Steps

The Cypher team has taken the bold step of contacting the hacker to negotiate the return of the stolen funds. However, such attempts at resolution are primarily complex and raise ethical and legal concerns within the crypto community.

if you are the attacker you can reach out on email or session chat app

email: recover_protocol@proton.me

session id: 05acb0ff5ecb13d3e9d6e8225342994157df834f5f14ac916f2212b20539fe113d https://t.co/ZnEbJN8Kju

— cypher ©️ (@cypher_protocol) August 7, 2023

Dealing with the hackers is likely to be a two-way traffic, as it may result in recovering lost funds while potentially inciting more attacks on the platform or other Decentralized Finance (DeFi) ventures. Nonetheless, Cypher’s effort to engage in dialogue indicates a dedication to its users’ interests and willingness to limit the consequences of the exploit.

The exploit comes during Cypher’s biannual hacker house mtnDAO, which it hosts in Salt Lake City alongside fellow Solana trading protocol marginfi. Marginfi reaffirmed its autonomy and untouched status post the incident through an announcement on its Telegram channel.

It is worth noting that, in an evolving world of cryptocurrencies and blockchain, the Cypher Protocol’s incident is yet another reminder of the need for heightened security and the ever-present threats roaming in the shadows.