The Cascade hack has placed another promising DeFi project under pressure after attackers drained $1.34 million in locked user funds from its liquidity vault. The incident has renewed concerns about the safety of pre launch protocols that hold millions in customer deposits before trading begins. It also shows how quickly stolen crypto can move across multiple blockchains, making recovery increasingly difficult.
According to blockchain security firm PeckShield and an official statement from Cascade, the exploit targeted the platform’s Cascade Liquidity Strategy (CLS) vault on Arbitrum.
PeckShield reported, “The exploiter has bridged the stolen funds from Arbitrum to Solana, and then bridged them to Ethereum via Relay Protocol in DAI.” The protocol acknowledged the Cascade hack and said it is investigating the incident while tracking the stolen assets.

Cascade Hack Followed a Carefully Planned Laundering Route
The Cascade hack unfolded through a series of cross chain transactions designed to cover the attacker’s tracks. On chain data shows the stolen 1.34 million USDC first moved from the compromised vault to one Arbitrum wallet before being transferred to a second wallet. The attacker then bridged the entire balance to Solana, swapped the USDC into DAI, and sent the funds back to Ethereum through Relay Protocol.
Once on Ethereum, the funds arrived in two deposits of 801,212 DAI and 536,000 DAI, totaling roughly 1.33 million DAI. The second transfer was later divided into three wallets holding 178,000 DAI, 178,000 DAI, and 180,000 DAI. Investigators believe the cross chain transfers were intended to make the stolen funds harder to trace. Security experts also noted that converting USDC into DAI is a familiar tactic after a DeFi hack because Circle can freeze stolen USDC, while DAI cannot be blacklisted by a central issuer.
Locked Deposits Left Users With No Way to Exit
The Cascade hack hit users especially hard because the CLS vault contained pre allocated deposits from Cascade’s invite only First Wave campaign. According to the project’s documentation, the CLS serves as the protocol’s native liquidity strategy, supporting orderbook depth and liquidation flows while rewarding early participants with points before the public launch.
Users deposited USDC on Arbitrum expecting future incentives, but those funds remained locked until trading went live. That meant affected users had no opportunity to withdraw before the exploit occurred. Cascade also expanded the CLS vault throughout early 2026 by progressively raising its deposit cap before opening a final $5 million allocation window on January 21, bringing even more eligible users into the program.
Strong Backing Could not Prevent the Exploit
Before the Cascade hack, the project attracted significant investor interest. Cascade secured $15 million in seed funding led by Polychain Capital and Variant in December 2025. The startup described itself as a neo brokerage that planned to provide around the clock perpetual trading across cryptocurrencies, commodities, and tokenized pre IPO shares of companies including OpenAI, SpaceX, and Stripe. Its mainnet launch had been targeted for the first quarter of 2026.
Despite strong financial backing, Cascade has not yet disclosed the technical cause of the exploit. The investigation remains ongoing as security firms continue monitoring wallet activity across multiple networks.

Another DeFi Hack Extends a Difficult Month for the Industry
The Cascade hack arrived less than two days after Ostium paused trading following an oracle based exploit that reportedly drained about $18 million from its OLP vault. The timing is notable because The Block had previously compared Cascade’s permissioned market rollout strategy with Ostium’s model.
The latest DeFi hack also follows recent attacks on Lazy Summer Protocol, which lost more than $6 million through a share price manipulation exploit, and Bonzo Finance on Hedera, which suffered a $9 million loss after an exposed price oracle. Together, these incidents highlight a troubling trend as attackers continue targeting complex liquidity systems holding large pools of user funds.
The Cascade hack is another reminder that rapid innovation must be matched by stronger security. As decentralized finance grows, protocols will need rigorous testing, continuous monitoring, and transparent communication to protect users and maintain trust in an increasingly competitive market.
Conclusion
The Cascade hack shows that even well-funded crypto projects remain vulnerable if security fails to keep pace with innovation. While investigators continue tracing the stolen funds, the incident highlights the growing challenge of protecting assets that move across multiple blockchains in minutes.
For investors, the lesson is clear: strong backing and ambitious plans should never replace careful risk assessment. For developers, every DeFi hack is a reminder that continuous audits, real-time monitoring, and transparent communication are essential to building lasting trust in decentralized finance.
Glossary of Key Terms
CLS: Cascade’s liquidity vault for user deposits.
DeFi: Blockchain-based financial services without intermediaries.
DAI: A decentralized stablecoin that cannot be centrally frozen.
Relay Protocol: A protocol for transferring assets across blockchains.
Arbitrum: An Ethereum Layer 2 network with faster, lower-cost transactions.
FAQs About Cascade Hack
What is the Cascade hack?
A $1.34 million exploit targeting Cascade’s CLS vault.
Why was DAI used?
DAI cannot be centrally frozen like USDC.
Were users able to withdraw funds?
No. Deposits were locked before the exploit.
Is the investigation still ongoing?
Yes. Cascade is continuing its investigation.
