Cypher

On August 7, 2023, Cypher Protocol, a Solana-based decentralized exchange for margin lending, borrowing, and trading, was exploited, losing approximately $1 million in cryptocurrencies, as reported by CoinDesk. Detected at 20:00 UTC, the attacker exploited two smart contract vulnerabilities: a logic error in CypherSubAccounts that failed to track isolation state changes, allowing cross-collateralized borrowing, and a margin check flaw combined with inactive oracle price feeds, enabling unauthorized borrows, per Rob Behnke’s analysis.

Using multiple CypherAccounts, the attacker drained funds, leaving $1 million in bad debt, per Solscan (3z9u…). Cypher, with $5 million daily trading volume per DeFiLlama, froze its contracts, attempted hacker negotiations, and confirmed no impact on partner marginfi, per Discord (@CypherProtocol).

The hack occurred during Cypher’s mtnDAO hacker house in Salt Lake City, per Twitter (@Cypher_Protocol). No funds were recovered, but the protocol resumed operations after patching, per Reddit (r/Solana).

This exploit, alongside Hashflow’s $605,000 loss, highlights smart contract risks. Cypher’s tale is a digital heist plucked from a coder’s nightmare, where a few errant lines turned a promising protocol into a cautionary epic, urging DeFi projects to wield audits like swords to slay vulnerabilities before they strike.