On August 7th, 2023, an attacker exploited cypher’s primary contract by uncovering bugs related to mechanisms involving isolated margin sub accounts, allowing them to end up withdrawing more funds than initially deposited, leaving the system with bad debt.

In total, the following assets were stolen by the attacker:

• 15452.0041 SOL
• 14675.33926 jitoSOL
• 8749.911376 mSOL
• 0.9987616 wETH
• 149205.1138 USDC
• 1 BONK
• 1 UXD
• 1 ORCA

Below is a detailed account of the events and actions that were taken in the process, this document represents merely a post-mortem and does not include next steps and the team’s proposition for a resolution plan.

Incident & Response Timeline

2:18 pm UTC - the attacker makes the first deposit into cypher of 0.1 USDC

3:04 pm UTC - the attacker has successfully exploited the protocol using the first master account created and leaves the system with ~$1.925 of bad debt