Skip to main content
Sign in
Cashio1 decision on this page

Audit log

Every state-changing event for Cashio: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-19 20:04:08Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 420,837,875
    sig
    3yruQw583pRq…xntSsxZHexplorer ↗
    hash
    EZvD1i5Qm5E4…korfcAk8sha256 → base58
    verifying row…full verify ↗
    canonical bytes (6798 B) ▸
    {"actor":"system:backfill","investigation_id":"2098c3c5-0cdc-4c96-a8bf-cadb693e915a","kind":"publish","page_slug":"cashio","published_at":"2026-05-19T20:04:07.967Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Cashio","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/layer2/2022/08/04/master-of-anons-how-a-crypto-developer-faked-a-defi-ecosystem"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/tech/2022/03/23/stablecoin-cashio-suffers-infinite-glitch-exploit-tvl-drops-by-28m"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-cashio-hack-march-2022"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-cashio-hack-march-2022"},{"credibility":3,"name":"","type":"other","url":"https://www.certik.com/resources/blog/cashio-app-incident-analysis"},{"credibility":3,"name":"","type":"other","url":"https://ackee.xyz/blog/2022-solana-hacks-explained-cashio/"},{"credibility":3,"name":"","type":"other","url":"https://beincrypto.com/solana-fake-account-exploit-on-cashio-how-it-happened/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.certik.com/resources/blog/cashio-app-incident-analysis"},{"credibility":3,"name":"","type":"other","url":"https://cryptobriefing.com/millions-lost-as-solana-defi-app-cashio-suffers-hack/"},{"credibility":3,"name":"","type":"other","url":"https://www.quadrigainitiative.com/casestudy/cashioappsolanafakeaccountexploit.php"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/layer2/2022/08/04/master-of-anons-how-a-crypto-developer-faked-a-defi-ecosystem"},{"credibility":3,"name":"","type":"other","url":"https://www.nasdaq.com/articles/the-fake-team-that-made-solana-defi-look-huge"},{"credibility":3,"name":"","type":"other","url":"https://www.cryptotimes.io/2022/08/05/founders-revealed-to-pump-tvl-on-solana-launch-sybil-attack/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-cashio-hack-march-2022"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://fortune.com/2022/03/25/crypto-robin-hood-stole-50-million-hacker-heist-cashio/"},{"credibility":3,"name":"","type":"other","url":"https://www.web3isgoinggreat.com/?id=robin-hood-esque-attacker-steals-52-million-from-cashio-then-returns-smaller-amounts-and-pledges-to-donate-the-rest-to-charity"},{"credibility":3,"name":"","type":"other","url":"https://thedefiant.io/news/hacks/cashio-exploit-refund"},{"credibility":3,"name":"","type":"other","url":"https://fortune.com/2022/03/31/crypto-robin-hood-50-million-theft-apply-and-get-a-refund-hacker-cashio/"},{"credibility":3,"name":"","type":"other","url":"https://solananewstoday.com/2022/03/28/the-cashio-vulnerability-against-saber-and-our-users-what-happened-and-what-we-are-doing-about-it/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-cashio-hack-march-2022"},{"credibility":3,"name":"","type":"other","url":"https://www.certik.com/resources/blog/cashio-app-incident-analysis"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/layer2/2022/08/04/master-of-anons-how-a-crypto-developer-faked-a-defi-ecosystem"},{"credibility":3,"name":"","type":"other","url":"https://www.vidma.io/blog/the-cashio-hack-lessons-from-a-48-million-defi-exploit"}]}],"sources_used":[],"summary":"Cashio was a Solana-based algorithmic stablecoin protocol that issued the CASH token, collateralized by Saber LP tokens. On March 23, 2022, an attacker exploited a critical missing validation flaw in the smart contract to mint approximately 2 billion CASH tokens backed by worthless fake collateral, draining roughly $52 million in real assets and permanently destroying the token's USD peg. The protocol was unaudited, never compensated victims in full, and its pseudonymous creator later admitted the code was rushed and insecure.","timeline":[{"date":"2021-11-23","event":"Ian Macalinao, operating as 0xGhostchain, tells the Cashio Discord community 'I personally audited it,' a claim he later contradicts.","source":""},{"date":"2021-11-01","event":"Cashio is launched on Solana, built by Ian Macalinao under the pseudonym 0xGhostchain, as part of an ecosystem of protocols around the Saber DEX. The code was reportedly rushed to meet a Breakpoint conference deadline.","source":""},{"date":"2022-03-23","event":"Attacker exploits a missing collateral validation flaw in Cashio's smart contract at approximately 8:23 AM UTC, minting ~2 billion CASH tokens backed by worthless fake collateral and draining approximately $52 million in real assets. CASH token collapses to near zero.","source":""},{"date":"2022-03-23","event":"Attacker embeds on-chain message: 'Account with less 100k have been returned. all other money will be donated to charity.' Saber pauses withdrawals to Cashio pools and freezes smart contracts.","source":""},{"date":"2022-03-23","event":"Ian Macalinao publicly acknowledges 'I did not audit Cashio as carefully as I should have,' contradicting prior claims.","source":""},{"date":"2022-03-26","event":"Ian Macalinao writes (in an unpublished blog post) that Cashio's code was insecure because it was 'rushed for this deadline' and pledges to repay affected users from personal token holdings — a promise he does not fulfill.","source":""},{"date":"2022-03-28","event":"Attacker posts second message stating intention was to redistribute wealth and invites victims with over $100,000 in losses to apply for refunds. Saber team states they cannot compensate depositors.","source":""},{"date":"2022-03-31","event":"Attacker opens a refund application process requiring victims to explain why they need their money back; large accounts held by wealthy individuals are excluded from consideration.","source":""},{"date":"2022-06-01","event":"Cashio announces plans on Medium for a new protocol to help victims; approximately $25 million in stolen funds remain unrecovered. Team goes silent on social media.","source":""},{"date":"2022-08-04","event":"CoinDesk publishes 'Master of Anons,' revealing that Ian and Dylan Macalinao operated 11 fake developer identities to inflate Solana DeFi TVL, with Cashio (via 0xGhostchain) being one of those projects.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 079f0cb8-6934-4bf6-bacf-8a86e2246fdf
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.