CashioApp has fallen victim to a $50m hacking attack, which the culprit now says they will send to those less fortunate.
The anonymous hacker responded to pleading from consumers to return their funds as many of the affected parties had invested their savings into various crypto assets traded through CashioApp.
The anonymous hacker said that they would return all holdings that do not exceed $100,000 back to their owners but will retain the remainder and donate it to charities.
Whether those remaining funds will really go to charity organizations has not been confirmed independently.
The hacker managed to breach CashioApp, a Solana-based blockchain exchange, and created two billion additional $CASH tokens, which are the native tokens used by the platform. After a while, the hacker was able to seize real cryptocurrency by inflating the value of the $CASH tokens and selling it afterwards.
The exploit was completed through the use of two bridges called Jupiter and Wormhole which enabled the culprit to trick the $CASH token into an “infinite minting glitch”.
TRM Labs, the company that followed the hack, and investigator Rita Martin explained how this worked. Essentially, people who had stable coins such as USDC locked them into liquidity pools with $CASH to obtain the token and use it as collateral.
For anyone to be able to cash their holdings from the liquidity pool, they would need to wait for $CASH’s price to recover, but a $50m hack does very little to credence. The hacker has already converted what he stole into Ether tokens. The hack was attributed to faulty backend development by the project’s owner, an anonymous entity by the name of 0xGhostChain.
However, the victims have not reported receiving money from the hacker and they are still unaware as to what CashioApp will do next and whether they will see their money returned, according to Yahoo News.