Cypher Protocol freezes smart contract after an estimated $1M exploit

Cypher Protocol freezes smart contract after an estimated M exploit

A crypto wallet suspected to be tied to the exploit shows it gained over $1 million in SOL and UDSC since the attack.

Solana-based decentralized futures exchange Cypher Protocol halted its smart contract after an estimated $1 million exploit.

On Aug. 7, Cypher alerted its 13,500 followers on X (formerly known as Twitter) that it had experienced a security incident and had thus frozen its smart contract.

The team added it is investigating the cause of the exploit and has reached out to the hacker to negotiate a potential return of stolen funds.

Cypher has has experienced an exploit/security incident. The smart contract has been frozen.

The team is currently working with individuals and investigating

To the hacker: We are writing to see whether you would be open to speaking with us about any potential next steps.
— cypher ©️ (@cypher_protocol) August 7, 2023

According to data from Solana blockchain explorer Solscan, the wallet suspected to be tied to the exploit stole approximately 38,530 Solana (SOL) tokens as well as $123,184 USD Coin (USDC) — netting a total of $1,035,203 in illicitly gained funds.

*Total balance of stolen funds in the Cypher attackers' wallet. Source: Solscan*

In the hours following the exploit, the alleged wallet transferred 30,000 USDC to Binance’s Solana USDC address “kiing.sol” in a possible attempt to cash out the stolen funds.

*The alleged hacker transferred 30,000 USDC to Binance. Source: Solscan*

At the time of publication, the alleged hacker has yet to bridge any Solana-based funds to the Ethereum network.

The attack comes amid Cypher Protocol’s mtnDAO hacker house event, which it co-hosts with fellow Solana protocol Marginfi. Marginfi wrote in its Telegram that it remains independent from Cypher and had not been impacted by the attack.

Cointelegraph has reached out to Cypher Protocol for more details but did not receive an immediate response.

This is a developing story, and further information will be added as it becomes available.

Deposit risk: What do crypto exchanges really do with your money?

Ongoing Solana-based wallet hack has already seen millions drained

Coin Telegraph

NFT marketplace Magic Eden noted that it “seems to be a widespread SOL exploit at play" and called on users to revoke permissions for any suspicious links in their Phantom wallets.

A security vulnerability impacting the Solana ecosystem has reportedly seen millions in funds drained across a number of Solana-based wallets.

At the time of writing, Solana (SOL) is currently trending on Twitter as countless users are either reporting on the hack as it unfolds, or are reporting to have lost funds themselves, warning anyone with Solana-based hot wallets such as Phantom and Slope wallets to move their funds into cold wallets.

IMPORTANT- please retweet and tag @phantom and @solana

1. Many users are claiming they are getting notifications that they are sending tokens to an unknown address

2. Common Denominator is that they have all been @phantom wallets
— Solar Dex (@solar_dex) August 2, 2022

So far both Phantom and Magic Eden have commented on the issue, with wallet provider Phantom noting that it is working with other teams to get to the bottom of the issue, although it says it does not “believe this is a Phantom-specific issue” at this stage.

We are working closely with other teams to get to the bottom of a reported vulnerability in the Solana ecosystem. At this time, the team does not believe this is a Phantom-specific issue.

As soon as we gather more information, we will issue an update.
— Phantom (@phantom) August 3, 2022

Magic Eden confirmed the reports by stating that “seems to be a widespread SOL exploit at play that's draining wallets throughout the ecosystem” as it called on users to revoke permissions for any suspicious links in their Phantom wallets.

Twitter user @nftpeasant has been following the incident closely, and according to their research via Solscan, around $6 million worth of funds have already been siphoned from Phantom wallets during a 10-minute period on August 2. In one instance it appears a Phantom wallet user had $500,000 worth of USDC drained from their account.

???!!! https://t.co/sBDgxqGyaw
— Matthew Graham (@mattysino) August 2, 2022

Popular scam detective and self-described “on-chain sleuth” @zachxbt also did some digging and revealed to their 274,800 followers that the hackers initially funded the primary wallet associated with this attack via Binance seven months ago.

The transaction history shows that the wallet remained dormant until today before the hackers conducted transactions with four different wallets 10 minutes before the attack started.

Scammers wallet funded via Binance 7 months agohttps://t.co/5gQbObcsg4 https://t.co/sco5SPBrne pic.twitter.com/AL6Hm4F3R3
— ZachXBT (@zachxbt) August 3, 2022

At this stage it is unclear if the hack is ongoing, where it originated and if more user funds are still at risk. However in response to @zachxbt’s post, user @cryptojpeg noted that:

“Only 13 txn out of which 3 of those are solana deposit txn and 1 is drain txn So basically one of these 9 txn made the wallet vulnerable to the drain, if it's not related to something else.”

Cointelegraph has reached out to Phantom for comment on the matter, and will update the story if the firm responds.

Solana hack