- Solana DeFi protocol Raydium said that a hacker had gained control of the company’s “owner authority” and had started depleting its liquidity pools as a result.
- Raydium tweeted, “Initial understanding is owner authority was captured by attacker, but authority has been halted on AMM & farm programmes for the time being.”
- Approximately $2 million worth of various cryptocurrencies are currently held in the attacker’s account.
Raydium, a decentralized exchange built on Solana, confirmed in a tweet that it had fallen prey to a hack.
DeFi technologies enable users to exchange, borrow, and lend crypto assets without the use of intermediaries. Automated market makers like Raydium do this by letting users contribute assets to a pool, frequently in exchange for token rewards.
An exploit on Raydium is being investigated that affected liquidity pools. Details to follow as more is known
Initial understanding is owner authority was overtaken by attacker, but authority has been halted on AMM & farm programs for now
— Raydium (@RaydiumProtocol) December 16, 2022
According to its own statistics, Raydium has facilitated trades worth $4 million over the last 24 hours and has almost $45 million locked in trading pools. It’s unclear whether the attacker’s unauthorized withdrawals are included in the $4 million.
The wallet draining LP Pools from Raydium liquidity pools has received over $2.2M now, including $1.6M $SOL
Track here: https://t.co/IQedsOstPE pic.twitter.com/OAQJgaq5Mc
— Nansen Portfolio (@nansenportfolio) December 16, 2022
OtterSec, a crypto auditing company, claims that the attacker siphoned funds by using the contract’s withdraw pnl function, which the developer uses to withdraw fees. The company did not specify whether this capability can be used to remove all liquidity from the pools or only a small portion of it.
A crypto analytics company called Nansen Portfolio has revealed that the attacker stole approximately $2.2 million from the exchange.
There seems to be a wallet draining LP Pools from Raydium liquidity pools using admin wallet as a signer without having/burning LP tokens.
We withdrew protocol provided PRISM/USDC liquidity from Raydium
WITHDRAW YOUR PRISM/USDC LIQUIDITY FROM RAYDIUM
— PRISM (@prism_ag) December 16, 2022
Initial discovery of the exploit appears to have been made by the Prism development team. They published a notice informing users that an attacker was stealing money from Raydium without first depositing and then destroying LP tokens. Users of Prism were advised to remove their Prism and USDC tokens from the exchange right away.
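The pattern Prism and OtterSec describe (pool outflows signed by the admin authority with no LP tokens burned) can be expressed as a monitoring check. The following is an added example, not code from Raydium, Prism or OtterSec: the record schema, the simplified single-asset pool model, and all names and values are constructed assumptions.

```python
# Constructed pool snapshot and per-transaction summaries (hypothetical schema,
# not Raydium's on-chain format). Amounts are in one common value unit.
ADMIN = "admin_authority"
POOL = {"reserves": 1000.0, "lp_supply": 100.0, "accrued_fees": 5.0}
TXS = [
    {"sig": "tx1", "signer": "user_a", "vault_out": 100.0, "lp_burned": 10.0},
    {"sig": "tx2", "signer": ADMIN, "vault_out": 5.0, "lp_burned": 0.0},
    {"sig": "tx3", "signer": ADMIN, "vault_out": 300.0, "lp_burned": 0.0},
    {"sig": "tx4", "signer": "user_b", "vault_out": 60.0, "lp_burned": 9.0},
]


def find_unbacked_withdrawals(pool, txs, admin, tol=1e-6):
    """Replay txs against a simplified pool model and return the outflows
    that are covered neither by burned LP tokens nor by accrued fees."""
    reserves = pool["reserves"]
    lp_supply = pool["lp_supply"]
    fees = pool["accrued_fees"]
    flagged = []
    for tx in txs:
        # Value a liquidity provider is entitled to for the LP tokens burned.
        lp_share = reserves * tx["lp_burned"] / lp_supply if lp_supply else 0.0
        # Assumption: only the admin may take accrued fees without burning LP.
        fee_allow = fees if tx["signer"] == admin else 0.0
        excess = tx["vault_out"] - (lp_share + fee_allow)
        if excess > tol:
            flagged.append((tx["sig"], tx["signer"], round(excess, 6)))
        # Advance the model so later transactions see current balances.
        from_fees = min(fee_allow, max(tx["vault_out"] - lp_share, 0.0))
        fees -= from_fees
        reserves -= tx["vault_out"] - from_fees
        lp_supply -= tx["lp_burned"]
    return flagged


if __name__ == "__main__":
    for sig, signer, excess in find_unbacked_withdrawals(POOL, TXS, ADMIN):
        print(f"ALERT {sig}: {signer} withdrew {excess} not backed by LP burn or fees")
```

In the constructed data, the fee-sized admin withdrawal and both user withdrawals pass, while the large admin withdrawal with no LP burn is flagged.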
Just when we think #Solana can’t get worse, it finds a way to surprise us!
— Helin ULKER (@beautyofhelin) December 16, 2022
Social media influencer Helin ULKER remarked that just when it seems Solana cannot get any worse, it finds a way to surprise us.
It was discovered in the days after FTX’s demise that Serum, a decentralized exchange and liquidity provider co-founded by Bankman-Fried, had its private keys stored on FTX. The news sparked panic throughout the whole network because Serum was integrated with practically all significant Solana DeFi projects, including Raydium.
Raydium and a number of other protocols hastily severed their ties with Serum and quickly started a fork of the project that was unaffected by the FTX debacle.
The Raydium team is currently looking into the exploit and has not yet made a decision regarding whether to pay compensation to the attack’s victims.
Raydium’s native token, RAY, dropped more than 8% to $0.16 at press time, in the moments after the attack. According to DeFi Llama, the total value locked on the protocol has decreased by more than 27% over the same time period, to $34.73 million.