Cypher Exchange Exploit 2023-08-07

From Vulnerapedia
Jump to navigation Jump to search

On 7th August 2023, Cypher protocol, a Solana-based futures decentralized exchange, suffered an exploit incurring losses around $1M. The Cypher team noticed unusual large amounts of borrows across multiple assets which some resulting in borrow caps being triggered. After recognizing an attack, the team froze[1] the pools to mitigate further assets being stolen and more users depositing into the contract.

The exploiter's wallet was revealed[2] through following the fund transfer flow[3]. The funds were withdrawn by the exploiter through Binance and Kucoin, which prompted the team to reach out for further negotiations[4].

Root Cause of Vulnerability

Cypher protocol has multiple account types for users which store data and making lending, borrowing and trading using margins possible.

The main account type is "CypherAccount", also known as the master account and "CypherSubAccount", known as the sub account. These 2 accounts are used alongside each other for the system to work together.


In total, the following assets were stolen by the attacker, which add up to around $1M:

  • 15452.0041 SOL
  • 14675.33926 jitoSOL
  • 8749.911376 mSOL
  • 0.9987616 wETH
  • 149205.1138 USDC
  • 1 BONK
  • 1 UXD
  • 1 ORCA

Mitigation Methods