- Cypher Protocol managed to freeze $600,000 in crypto stolen after a recent security breach.
- The cybercriminal took advantage of code flaws, taking assets like USDT, SOL, and wETH.
- Assistance from blockchain detective ZachXBT was crucial in the initial freezing of stolen funds.
Cypher Protocol, a decentralized futures exchange operating on the Solana platform, has successfully halted the movement of $600,000 in stolen cryptocurrency. The digital heist occurred earlier this month due to a security flaw.
On August 18, Cypher Protocol shared via a social media update that they have frozen over half of the pilfered funds on various mainstream exchanges. This achievement was possible with assistance from multiple independent blockchain experts.
The protocol’s team mentioned the potential return of these funds hinges on the collaboration of these exchanges and on obtaining the necessary legal mandates from authorities.
Cypher Protocol came under attack on August 7, losing close to $1 million. This prompted the platform to temporarily stop its smart contracts. Serving as a platform for users to lend and borrow, the decentralized finance (DeFi) exchange features primary accounts complemented by various cross-collateralized sub-accounts. Halborn, a blockchain security company, highlighted that the protocol’s vulnerabilities led to challenges in monitoring individual sub-accounts and inadequate margin verifications prior to loans.
The perpetrator took advantage of these weak spots, utilizing several accounts to siphon off roughly $1 million in diverse cryptocurrency assets such as USDT, SOL, wETH, and more.
Cypher’s team reached out to the cybercriminal on August 10, proposing a reward of approximately $120,000, 10% of the stolen amount, for assisting in rectifying the situation. However, by August 12, the hacker failed to meet the agreed terms. The protocol then went public with the reward offer and even suggested that they might have some leads on the hacker’s identity. Four days after the incident, Cypher revealed a strategy and a “shared losses policy” to allocate the residual assets among the impacted users. They noted that the allocation would be proportionate based on user’s stakes.
Cypher added that the distribution’s worth concerning a margin account would reflect the account’s assets when the protocol was temporarily suspended. Their recent communication acknowledged the critical role of blockchain expert ZachXBT, who played a key role in freezing the stolen assets and provided crucial leads on the hacker’s trail.
While Cypher’s incident is significant, it was not the largest DeFi exploit in August. The Zunami platform lost $2.1 million to a flash loan attack on August 13, and Steadefi faced a $1.1 million breach on the same day Cypher was attacked.
Similar Incident as the Latest Curve Finance Breach
The decentralized finance (DeFi) landscape has been rocked by notable security breaches in recent years, casting a spotlight on its vulnerabilities. Curve Finance, a prominent DeFi platform, found itself at the center of two significant thefts, resulting in severe financial implications for its stakeholders.
On a fateful day in July, Curve Finance grappled with an unforeseen security breach that siphoned off an eye-watering $47 million. This incident was attributed to an exploit in stable pools, traced back to specific flaws in the Vyper software. This compromise led several pools, such as Ellipsis, Alchemix, JPEGd, and Metronome, to bear significant financial brunt. The aftermath saw a considerable $22 million in CRV tokens disappear, driving the token’s value down by 5%.
These episodes underscore the pressing vulnerabilities confronting the DeFi space while illuminating the industry’s tenacity and commitment to restoring equilibrium.