Cypher Protocol, a Solana-based futures DEX, has been forced to pause its smart contract in the wake of an exploit that resulted in a loss of more than $1 million.

The Why

Late last night, Cypher’s devs announced that they had suffered a “security incident”, resulting in the need to pause their smart contract until a post-mortem was carried out. An appeal to the hacker was also made, promising a discussion on the next steps should the bad actor care to reply.

Cypher has has experienced an exploit/security incident. The smart contract has been frozen.

The team is currently working with individuals and investigating

To the hacker: We are writing to see whether you would be open to speaking with us about any potential next steps.

— cypher ©️ (@cypher_protocol) August 7, 2023

The exchange’s mission, which is proudly stated in Cypher Protocol’s Twitter bio, was also cause for mirth.

However, the irony doesn’t stop there. It turns out that the hack occurred during mtnDAO, a hackathon co-hosted by Cypher Protocol and Marginfi, another Solana-based project.

It appears we have a winner – although not by popular vote.

The exploit drained over 38k SOL tokens and more than 123k USDC, adding up to a total of $1,035,203 in ill-begotten gains.

In a rather perplexing move for the hacker, Binance and KuCoin were chosen for cashing out. By choosing big exchanges with robust cybersecurity teams instead of the well-known crypto mixer route, the hacker runs a much bigger risk of being caught. However, it’s also possible that the exploit was carried out as an impromptu addition to the hackathon. If the funds are meant to be returned, anonymity may not matter to the exploiter as much.

Alternatively, the attack may have been carried out by someone in a country wh