Defi Security Breaches: Cypher Protocol and Steadefi Hit by Attacks
On August 7, 2023, both Cypher Protocol and Steadefi, prominent decentralized finance (Defi) platforms, fell victim to security breaches, resulting in substantial financial losses.
Cypher Protocol Exploit: $1 Million in Losses
The security breach targeted Cypher Protocol, a decentralized futures exchange operating on the Solana blockchain. The attack led to an estimated loss of approximately $1 million. The attacker successfully siphoned off funds by exploiting vulnerabilities.
Steadefi Breach: Losses Exceeding $334,000
Concurrently, Steadefi experienced a breach that resulted in losses exceeding $334,000. The attacker gained unauthorized access to the team’s deployer wallet, exploiting weaknesses in the platform’s security.
Cypher Protocol’s Response and Mitigation Efforts
Upon discovering the security breach, Cypher Protocol promptly suspended its smart contracts to prevent further damage. An immediate investigation was initiated to identify the root cause of the breach and assess the extent of the damage.
The breach occurred during the mtnDAO hacker house event, a collaborative event involving Cypher Protocol and Marginfi, another Solana-based protocol. Marginfi confirmed that it remained unaffected by the security breach.
Cypher Protocol revealed that the attacker managed to obtain approximately 38,530 Solana tokens and around $123,184 in USD Coin (USDC), totaling $1,035,203. The illicitly acquired funds were transferred to a wallet linked to the exploit. Notably, the alleged hacker converted 30,000 USDC to Solana USDC address “kiing.sol” on the Binance platform in an apparent effort to liquidate the stolen assets. Interestingly, no Solana-based funds were transferred to the Ethereum network during this incident.
The attacker utilized a newly generated address to carry out the exploit. As of now, the address holds a balance of 39,704 SOL and 123,231 USDC, equating to a total value of $1.04 million. In an unconventional move, Cypher Protocol extended an invitation to the attacker for a dialogue, potentially indicating the possibility of a bug bounty discussion.
The security breaches targeting Cypher Protocol and Steadefi underscore the ongoing challenges faced by Defi platforms in maintaining robust cybersecurity. The incidents have prompted immediate action and collaboration to mitigate the losses and enhance security measures across the Defi ecosystem.