Halborn Logo

// Blog

Explained: The Cypher Protocol Hack (August 2023)


Rob Behnke

August 15th, 2023

In August 2023, the Cypher Protocol was the victim of a hack. The attacker exploited a vulnerability in the project’s smart contracts to steal an estimated $1 million from the project.

Inside the Attack

The Cypher Protocol enables marginal lending, borrowing, and trading. The protocol is structured so that a primary user account — called CypherAccounts — can have multiple attached CypherSubAccounts. The primary account will cache the data associated with each of its associated sub-accounts.

By default, all sub-accounts are cross-collateralized with the master account, allowing a deposit into one to be used as collateral for a borrow from another. The protocol allows a sub-account to be isolated — disabling this functionality — but an error in the code when switching to an isolated state causes the master account not to track this change.

Another error in the code dealt with margin checks before allowing a borrow. An error in these checks and the fact that oracle price feeds were not yet active allowed a user to perform borrows when they should not have been able to.

The attacker exploited this vulnerability using multiple different primary accounts. As a result, they were able to drain an estimated $1 million in assets from the Cypher Protocol.

Lessons Learned from the Attack

The Cypher Protocol hack was made possible by two errors in the protocol’s smart contracts. These vulnerabilities allowed the attacker to take out bad loans and leave the protocol saddled with over $1 million in bad debt.

These types of vulnerabilities — both business logic and implementation errors — can be found and fixed by a security audit before a protocol is launched. 

To find out how to secure your smart contracts against attacks, get in touch with Halborn.