On August 7th, 2023, an attacker exploited cypher’s primary contract by uncovering bugs related to mechanisms involving isolated margin sub accounts, allowing them to end up withdrawing more funds than initially deposited, leaving the system with bad debt.
In total, the following assets were stolen by the attacker:
Below is a detailed account of the events and actions that were taken in the process, this document represents merely a post-mortem and does not include next steps and the team’s proposition for a resolution plan.
2:18 pm UTC - the attacker makes the first deposit into cypher of 0.1 USDC
3:04 pm UTC - the attacker has successfully exploited the protocol using the first master account created and leaves the system with ~$1.925 of bad debt