Hackers Who Stole $50 Mil In Crypto Say They Will Refund Some Victims


Image: Khosrork/GettyImages

Screen Shot 2021-02-24 at 3

Hacking. Disinformation. Surveillance. CYBER is Motherboard’s podcast and reporting on the dark underbelly of the internet.

Last week, a hacker stole around $50 million in yet another attack on a Web3 project. 

The victim this time was Cashio, a so-called algorithmic stablecoin based on Solana. The hackers were able to steal the cryptocurrency thanks to a bug that allowed them to mint a potentially infinite amount of tokens, as Cashio’s developer wrote on Twitter.

Now, the hacker or hackers have announced that they intend to issue refunds to the victims in a message posted on the blockchain on Monday. 


“Have already refunded accounts under 100k which held CASH directly [sic],” the hackers wrote. “The intention was only to take money from those who do not need it, not from those who do. Will be using the ETH gains to return more funds to those affected, even some accounts more than 100k. Will not return funds to accounts that already receive refund.” 


The message the hackers published on the blockchain announcing refunds. (Image: @wireless_anon/Twitter)

The message contained a specific step-by-step process on how to get the refund. But it looks like not everyone will get their crypto back. A Twitter user that goes by wireless_anon created an open-source website for victims that helps them to generate and save message signatures, allowing them to request a refund in an automated way. 

“We will choose who gets a return. Might get all back or some back or none back. Put all the request together in one file, returns will start next week manually. Will take some time,” the message read. 

Are you one of the vicitms of the Cashio hack? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email lorenzofb@vice.com

Several victims are begging to get their crypto back, calling the hacker “Robin Hood.” But it’s unclear if they are the actual victims, and it’s unclear at this point if the hackers will actually return any of the money they stole. 


“Hello, Mr. Robin Hood, I am the victim of this cashio incident, I am from China, Wuhan. During the 2020 Covid-19 outbreak in China, the restaurant I ran didn’t hold up and I lost a lot of money,” one message sent to the hackers on the blockchain reads. 

“Robinhood, I have tried my luck in crypto but ended up with massive losses, debt, and PTSD. My life is in disarray. 3 ETH will put me back in a slightly better position to turn my life around, reads another message on the blockchain. “Please.”

“Hello, we lost our family savings worth $558k and now facing a financial disaster,” another alleged victim wrote

The administrator of the Cashio Discord channel did not respond to a request for comment. The Cashio Twitter account also did not respond to a request for comment. 

The Cashio hack is the latest in a seemingly infinite string of hacks against crypto protocols, decentralized finance (DeFi), and web3 organizations. Just in the first three months of 2022, according to blockchain security company Immunefi, hackers have stolen the equivalent of around $550 million. 

This is also not the first time hackers steal crypto and then return all or at least part of it, with negotiations happening directly on the blockchain. That’s happened already with the Multichain hack, and the Poly Network hack, among others.  

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.