Cypher Protocol Exploited, Will the Hacker Return the Funds? Details

Cypher Protocol, a Solana-based futures DEX, has been forced to pause its smart contract in the wake of an exploit that resulted in a loss of more than $1 million.

The Why

Late last night, Cypher’s devs announced that they had suffered a “security incident”, resulting in the need to pause their smart contract until a post-mortem was carried out. An appeal to the hacker was also made, promising a discussion on the next steps should the bad actor care to reply.

Cypher has has experienced an exploit/security incident. The smart contract has been frozen.

The team is currently working with individuals and investigating

To the hacker: We are writing to see whether you would be open to speaking with us about any potential next steps.

— cypher ©️ (@cypher_protocol) August 7, 2023

The exchange’s mission, which is proudly stated in Cypher Protocol’s Twitter bio, was also cause for mirth.

However, the irony doesn’t stop there. It turns out that the hack occurred during mtnDAO, a hackathon co-hosted by Cypher Protocol and Marginfi, another Solana-based project.

It appears we have a winner – although not by popular vote.

The exploit drained over 38k SOL tokens and more than 123k USDC, adding up to a total of $1,035,203 in ill-begotten gains.

You may also like:

• DeFi Users Warned to Revoke Approvals Before Anthropic’s Mythos AI Launches
• Worldcoin Rival Humanity Protocol’s Token Crashes 88% as $30M Wallet Drain Sparks Security Panic
• SYS Drops 20% After 5B Unauthorized Tokens Minted in Syscoin Bridge Exploit

In a rather perplexing move for the hacker, Binance and KuCoin were chosen for cashing out. By choosing big exchanges with robust cybersecurity teams instead of the well-known crypto mixer route, the hacker runs a much bigger risk of being caught. However, it’s also possible that the exploit was carried out as an impromptu addition to the hackathon. If the funds are meant to be returned, anonymity may not matter to the exploiter as much.

Alternatively, the attack may have been carried out by someone in a country who does not cooperate with Western law enforcement, in which case ease of access to liquidity provided by big CEXs may be the only thing that matters.

Reaching Out Via NFTs.

Since the attack, users have been reaching out to the hacker by sending NFTs with brisk messages to the address involved.

Some of these messages are simple appeals to morality.

“Seriously though, you used Binance and KuCoin to fund and to try and get 30k out. People will find you. Please do the right thing and give the rest back.”

However, other users opted for a terser “Give it back, you sh*tlord”.

Although the size of the exploit is dwarfed by previous attacks on the Solana network, a hack of this size can be a sink-or-swim deal for smaller projects like Cypher Protocol. It remains to be seen what the devs uncover about the attack and if a recovery is possible.