Cashio ($CASH), a Solana stablecoin protocol, suffered an exploit that caused its flagship stablecoin to collapse. The price of dollar-pegged stablecoin, $CASH, dropped from $1 to $0.00005 after hackers took advantage of an “infinite mint glitch.” DeFi Llama estimated that $28 million in value has been siphoned from Cashio’s protocol because of this exploit.
On Twitter, developer 0xGhostChain warned people “not to mint any CASH,” adding that the team “are investigating the issue and we believe we have found the root cause. Please withdraw your funds from pools. We will publish a postmortem ASAP.”
According to Solscan, a scanning tool that tracks all of Solana, using the decentralized exchange Saber, the attacker minted two billion $CASH stablecoins and then traded them for other paired assets (mostly other stablecoins). In response to the incident, Saber halted its $CASH liquidity pools, and the token lost its entire value.
Cashio Dollar was launched in November 2021. Anyone can generate $CASH by first depositing Saber $USDT.X– $USD.X liquidity provider tokens. In this incident, the hacker found a vulnerability that allowed them to mint unlimited amounts of $CASH without having the necessary backing.
This isn’t the first time a DeFi protocol has been hacked for millions of dollars through an “infinite mint” bug. Last year, attackers took about $250,000 worth of stablecoins from a liquidity pool and drove the price of stablecoin SafeDollar’s coin to zero.