Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Zenger
Zenger
National
Martin M Barillas

Robbing Hood: USD 50 Million Crypto Bandit Wants To Pay It Back To The Poor

A hacker, explores methods for breaching defences and exploiting weaknesses in a computer system or network. (Zenger)

A ‘Robin Hood’ cryptocurrency bandit who stole from the rich to give to the poor has pledged to compensate any poor investors who lost out.

Thousands of cryptocurrency account holders who lost out in the raid by the unknown bandit had until yesterday (Thursday, 7th April) to apply for a refund of millions of dollars stolen online by the as-yet-unidentified hacker.

A statment from Cashio regarding an infinite mint glitch, on 23rd March. (Zenger)

The person or persons behind the theft had used a vulnerability in the Cashio cryptocurrency app to drain Saber CASH reserves on 23rd March.

Using fake Crate and Arrow accounts, the hacker used the disguised accounts in the app’s Bank program, which controlled the minting of CASH.

By swapping the tokens out of the Solana blockchain, in just an hour, the hacker withdrew USD 52.8 million (GBP 40.7 million) in stablecoins, and then swapped it to Ethereum through ParaSwap and Curve.

Saber then halted all withdrawals into Cashio pools, cooperating with Cashio.app to freeze its smart contracts and contacted protocols using CASH.

A statment from Cashio regarding a refund, on 31st March. (Zenger)

Cashio.app has been kept offline since then. As a result, the US-dollar-based CASH stablecoin dropped from USD 1 (GBP 0.77) to USD 0.00005 (GBP 0.000038). Some Cashio.app users lost hundreds of thousands of dollars, while others lost more than USD 1 million (GBP 770,000).

Law enforcement has been made aware of the hack and theft, while a USD-1,000,000 reward is being offered for information leading to the arrest and conviction of the hacker or hackers, or the recovery of the stolen assets. Information can be sent to bounty@saber.so.

While the hacker remains anonymous, Ethereum has flagged an account that, as of 31st March, held USD 54 million (GBP 41.6 million) in Ether cryptocurrency.

Not long after the theft, the hacker or hackers (dubbed Robin Hood) issued a message in an Ethereum transaction that offered refunds to victims who lost less than USD 100,000 (GBP 77,000). The rest, the hacker claimed, would be given to charity.

But by 28th March, Robin Hood presented new conditions, offering restoration of funds for some of those holding more than USD 100,000. In a separate Ethereum message, Robin Hood claimed that the intention of the hack was to take money only from those who do not need it.

A hacker, explores methods for breaching defences and exploiting weaknesses in a computer system or network. (Zenger)

To get their money back, Robin Hood, or whatever group is behind the theft, is demanding applications for the funds, but rich Americans and Europeans need not apply. On the Cashio Discord server, ‘jimthereaper’ and ‘The Saint Eclectic’ were chosen by Robin Hood to collect victims’ applications.

In a 30th-March tweet, ‘The Saint Eclectic’ wrote: “I’ve been working with community members to gather the information required but the @CashioApp & @Saber_HQ teams NEED to step up more.”

In response, Cashio wrote that it is “working nonstop” on every refund submission, while pleading “this takes some time”. It urged those impacted to go to its Discord server and fill out the required refund forms.

As the refund deadline loomed, ‘The Saint Eclectic’ shared a message that Cashio sent to the exploiter, which read: “We have compiled the information for the $36m that was affected…”

Cashio accepted “full responsibility of this situation”, and asked the exploiter to consider the effects for all involved “regardless of what they’ve invested” because their lives have been “deeply impacted by this event”.

A statement from Cashio regarding an infinite mint glitch, on 6th April. (Zenger)

‘The Saint Eclectic’, who reportedly also lost an investment in the cryptocurrency, tweeted: “The Community is hoping these refunds will be kindly considered & a good/suitable outcome for all parties. Thank you to everyone who helped, shared & supported the community.”

Saber launched its first CASH/USDC pool on the Solana blockchain in November 2021 while partnering with Cashio. Users can provide liquidity in CASH and USDC, earn trading fees, or exchange CASH for other stablecoins on Saber.

Stablecoins are cryptocurrencies that have a relatively stable price pegged to a real currency or commodity, or have a supply regulated by algorithm.

Saber is an automated market maker (AMM) or decentralized exchange protocol that uses algorithms to price assets. It facilitates the transfer of assets between Solana and other blockchains.

By depositing cryptocurrencies there, according to Saber, users can earn passive yield from transaction fees, token-based incentives, and eventually automated decentralized finance strategies.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.