In a significant cybersecurity incident, Cypher Protocol, a decentralized futures exchange built on the Solana blockchain, fell victim to a security breach on August 7, 2023. The breach led to an estimated financial loss of around $1 million. In response, the protocol’s smart contracts were immediately suspended to mitigate further damage, and an investigation was launched to identify the root cause of the breach. Cypher protocol wrote:
Cypher has has experienced an exploit/security incident. The smart contract has been frozen.
— cypher ©️ (@cypher_protocol) August 7, 2023
The team is currently working with individuals and investigating
To the hacker: We are writing to see whether you would be open to speaking with us about any potential next steps.
The breach occurred amidst the mtnDAO hacker house event, a collaborative event hosted by Cypher Protocol and Marginfi, another Solana-based protocol. Marginfi confirmed in their discord channel that it was not affected by the security breach.
The perpetrator managed to illicitly acquire approximately 38,530 Solana tokens and about $123,184 in USD Coin (USDC), amassing a total of $1,035,203. These funds were transferred to a wallet believed to be associated with the exploit. In what appears to be an attempt to liquidate the stolen funds, the alleged hacker transferred 30,000 USDC to the Solana USDC address “kiing.sol” on the Binance platform. Notably, the alleged hacker had not transferred any Solana-based funds to the Ethereum network at the time of the incident.
The exploit was carried out using a newly created address, which, at the time of reporting, held a balance of 39,704 SOL and 123,231 USDC, amounting to a total of $1.04 million. In an unusual move, Cypher also extended an invitation to the attacker for a conversation, possibly hinting at a potential bug bounty discussion.
On the same day, Steadefi, a decentralized finance (DeFi) app, was also targeted in an exploit, resulting in a loss of at least $334,000. The Steadefi development team confirmed that the exploit put all funds at risk. Per the developers, the attacker gained access to the team’s deployer wallet by stealing the private key, enabling them to borrow any available funds from the lending vaults and drain all loanable assets.
The Steadefi exploit led to a significant decrease in the app’s total value locked, as per data from DefiLlama. The attacker managed to change the contract owner to their own address, suggesting a probable private key leak. To date, approximately 624 ETH (~$1.14 million) have been drained from the project.
