In light of a robbery incident, Cypher Protocol, a Solana-established decentralized futures exchange, managed to freeze $600,000 of stolen crypto assets. On August 7th, the platform fell victim to a security exploit that saw $1 million from its smart contracts drained. It was revealed that the protocol permitted lending and borrowing across primary accounts with various cross-collateralized sub-accounts. Due to certain vulnerabilities, correct tracking of isolated sub-accounts was undermined, leading to an attacker exploiting these faults to sap approximately $1 million in multiple crypto assets, including USDT, SOL, wETH and several other altcoins.
The optimistic advancement in this disturbing situation is that on August 18th, Cypher announced that they had successfully trapped over half of the stolen funds across various CEXs. The return of the funds, however, will depend on these CEXs’ cooperation and the issuance of seizure warrants by law enforcement agencies.
What remains intriguing is the fact that the team at Cypher managed to contact the hacker following the incident, having offered a 10% white-hat bounty of around $120,000. As of the protocol’s statement on August 16th, the cybercriminal had missed the deadline to return the stolen funds, and the bounty was made open to the public. The protocol also hinted at having an inkling of the attacker’s partial identity.
In this twist of events, announcements were made of a redemption plan and a “socialized losses policy” that would distribute remaining assets to the afflicted users. The redemption’s snapshot value will be based on the assets in a user’s account at the time the Cypher protocol was frozen, tallying to about 31 cents on the dollar.
While the exploits experienced by Cypher Protocol proved significant, the De.Fi Rekt database indicates that this was not the largest of exploits in August, ranking it third. Zunami, another DeFi protocol, suffered a more severe $2.1 million flash loan attack on August 13th, while Steadefi lost $1.1 million on August 7th.
The apparent question is, given the nature and regularity of crypto thefts and the risks associated, are the protocols putting in place enough safety measures to mitigate such vulnerabilities effectively? Considering this incidence, while progress has been made in freezing the stolen funds, it still hangs in uncertainty whether or not these funds will be returned to their rightful owners. Consequently, can these digital protocols negotiate effectively with hackers for the return of stolen assets? The crypto world watches with bated breath.