TechFlow news — The attacker behind the Solana algorithmic stablecoin project Cashio posted an on-chain message tonight stating they will refund accounts holding less than $100,000 worth of CASH, saber CASH/USDC LP, and saber CASH/UST LP tokens. "My goal was only to take money from those who don't need it, not from those who do," the attacker said.
The attacker proposed that Discord users jimthereaper#6550 and The Saint Eclectic#1238 oversee the refund process. Victims are required to submit their ETH address, original Solana wallet address, proof of actual losses, an explanation of fund origins, and reasons why they need the funds—all compiled into a single document. The attacker will manually issue refunds in ETH next week, deciding who qualifies for full, partial, or no recovery.
Previously on March 23, Cashio suffered an infinite minting vulnerability, resulting in losses exceeding $50 million. Following the attack, the project offered a bounty of 1 million USDC if the hacker returned the funds.




