
The Cascade protocol, backed by Polychain Capital and Variant, reported an exploit in the CLS-vault (Cascade Liquidity Strategy). 1.34 million USDC were withdrawn from user funds.
The withdrawal scheme was as follows: Arbitrum → Solana → Ethereum; at the final stage, via RelayProtocol, the funds were converted into DAI.
The CLS-vault held closed deposits from users participating in the First Wave invite program: participants deposited USDC on Arbitrum before trading launched to earn points. The funds were locked until listing—meaning that affected users couldn't withdraw them even before the attack.
Continue reading this article on source: x.com