Solana-based crypto trading platform Cypher Protocol, which was hacked on August 7, managed to freeze nearly $600,000 on multiple centralized crypto exchanges (CEX).
"$600,000 has been frozen across CEXs, the return of these funds will be predicated on the cooperation of these CEXs and seizure warrants being issued by law enforcement," Cypher Protocol announced on Twitter yesterday.
The team behind the project also thanked on-chain detectives ZachXBT and 0xGroomLake. Cypher Protocol emphasized, that ZachXBT had made an invaluable contribution in the initial stages of freezing stolen funds and had helped the company track down the exploiter. "We would not be in this position without his assistance," the Cypher team added.
Meanwhile, Cypher Protocol admitted that 0xGroomLake assisted the team in identifying the attacker. Previously, the company also expressed its appreciation for the help offered by Jito, marginfi, Wormhole, Triton One, OtterSec, Neodyme, and Mad Shield in the exploit post-mortem analysis released on August 11.
One of the first reports of the hack came on August 8 from cybersecurity firm Beosin, which mentioned that the malicious actor used initial funds to conduct the attack from such popular crypto exchanges as Bitcoin and KuCoin.
In the above-mentioned post-mortem, Cypher stated that the attacker had uncovered "bugs related to mechanisms involving isolated margin sub-accounts, allowing them to end up withdrawing more funds than initially deposited, leaving the system with a bad debt."
The company also shared the exact figures describing its losses with its users. A total of 15452.0041 SOL, 14675.33926 jitoSOL, 8749.911376 mSOL, 0.9987616 wETH, 149205.1138 USDC, 1 BONK, 1 UXD, and 1 ORCA were stolen.
Cypher attempted to contact the attacker and discuss "any potential next steps." On August 10, the team decided to offer a reward to encourage the hacker to cooperate. It announced a 10% bug bounty, which Cypher estimated was worth nearly $120,000, and promised no legal action if the money was returned. The company gave the attacker 24 hours to decide whether to accept this offer and then extended that time by an additional 24 hours.
Eventually, Cypher made the bounty available to the public. "The time for the hacker to return the funds has passed. The bounty is now open to the public," the company announced, promising a reward to anyone, who has "information that aids in a secondary, full identification of the attacker — which leads to conviction and/or return of funds."
To compensate for the losses of its users, Cypher has introduced the Socializing Losses mechanism, which includes redemption packages based on the assets still held in the protocol. "Spot assets value will be booked at the price when the protocol was frozen. Open positions in perp markets will be closed at the price of the underlying asset at the time of protocol freezing." To ensure fair distribution, Cypher takes into account an individual’s share and involvement in the protocol.
The redemption package provided by Cypher "will total about $.31 (31 cents) on the dollar."