The Solana-based decentralized finance protocol Raydium has suffered an attack, according to a statement from the developer. An initial investigation by the team revealed that the attacker gained control of the exchange owner’s account. The team said “authority” over the automated market maker and farming programs has been put on hold “for now.”
An exploit on Raydium is being investigated that affected liquidity pools. Details to follow as more is known
Initial understanding is owner authority was overwhelmed by attacker, but authority has been halted on AMM & farm programs for now
Attacker accnt https://t.co/ZnEgL1KSwz
— Raydium (@RaydiumProtocol) December 16, 2022
Twitter user and researcher ZachXBT reported that the attacker had transferred $2 million to Ethereum “so far”:
Then bridged to ETH (~$2m so far) https://t.co/3OYxDThv7I
— ZachXBT (@zachxbt) December 16, 2022
Around 2 pm UTC on December 16, a Raydium admin account submitted almost 1,000 transactions on the Solana network.
Each transaction withdrew liquidity from Raydium without depositing the corresponding LP token, thereby seizing funds from liquidity providers. Various tokens were stolen in the attack, such as US Dollar Coin (USDC), Wrapped SOL (wSOL), Raydium and others.
The exploit appears to have been first discovered by the Prism development team, which posted a warning at 2:01 that an attacker was draining Raydium’s liquidity without depositing or burning LP tokens. Prism warned its users to remove their Prism and USDC tokens from the exchange immediately.
There seems to be a wallet draining LP Pools from Raydium liquidity pools using admin wallet as a signer without having/burning LP tokens.
We withdrew protocol provided PRISM/USDC liquidity from Raydium
WITHDRAW YOUR PRISM/USDC LIQUIDITY FROM RAYDIUM
— PRISM (@prism_ag) December 16, 2022
40 minutes later, the Raydium team took to Twitter to confirm that the exchange had been hacked.
According to cryptocurrency auditing firm OtterSec, the attacker drained the funds by invoking the contract’s withdraw_pnl function, which the developer uses to withdraw commissions. The firm did not specify whether this function can be used to withdraw all the liquidity or only a small percentage of the funds.
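As an added example (not from the original article or from Raydium's code), the pattern described above, vault withdrawals with no LP tokens burned, can be written as a monitoring rule that escalates when one signer repeats it. The record format, signer names, amounts and burst threshold are constructed assumptions, not real Solana RPC output.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class PoolTx:
    """Constructed, simplified view of one transaction touching a pool."""
    sig: str
    signer: str
    instruction: str
    vault_delta: dict     # token -> signed change in the pool vault balance
    lp_supply_delta: int  # change in LP mint supply; negative = LP burned

BURST_THRESHOLD = 3  # assumed value for this sample; tune per pool

def unbacked_outflow(tx):
    """Return tokens that left the vaults with nothing paid in and no LP burned."""
    deltas = tx.vault_delta.values()
    if tx.lp_supply_delta < 0 or any(d > 0 for d in deltas):
        return {}  # LP redemption, or a swap/deposit that paid tokens in
    return {tok: -d for tok, d in tx.vault_delta.items() if d < 0}

def scan(txs):
    """Flag unbacked outflows; escalate signers that repeat them in the batch."""
    hits = [(tx, unbacked_outflow(tx)) for tx in txs]
    hits = [(tx, out) for tx, out in hits if out]
    per_signer = Counter(tx.signer for tx, _ in hits)
    return [
        {"sig": tx.sig, "signer": tx.signer, "instruction": tx.instruction,
         "drained": out,
         "severity": "critical" if per_signer[tx.signer] >= BURST_THRESHOLD
                     else "review"}
        for tx, out in hits
    ]

# Constructed sample batch; names and amounts are illustrative only.
SAMPLE = [
    PoolTx("s1", "lp_user", "withdraw", {"USDC": -100, "wSOL": -5}, -10),
    PoolTx("s2", "trader", "swap", {"USDC": 50, "wSOL": -2}, 0),
    PoolTx("s3", "fee_ops", "withdraw_pnl", {"USDC": -1}, 0),
    PoolTx("s4", "admin", "withdraw_pnl", {"USDC": -900, "wSOL": -40}, 0),
    PoolTx("s5", "admin", "withdraw_pnl", {"USDC": -800}, 0),
    PoolTx("s6", "admin", "withdraw_pnl", {"wSOL": -35}, 0),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```

A single unbacked outflow is only marked for review because a fee withdrawal looks the same on-chain; the repeated pattern from one signer is what raises the severity.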
Nansen Portfolio, a cryptocurrency analytics firm, has confirmed that the attacker drained more than $2.2 million from the exchange.
The wallet draining LP Pools from Raydium liquidity pools has received over $2.2M now, including $1.6M $SUN
Track here: https://t.co/IQedsOstPE
— Nansen Portfolio (@nansenportfolio) December 16, 2022
As of this writing, the Raydium team is still investigating the exploit and has not yet announced whether compensation will be offered to the victims of the attack.
Admin account hacks have been a recurring problem in the crypto space recently. On December 2, the Ankr protocol deployment key was stolen and the attacker used it to withdraw $5 million worth of BNB. At the beginning of the year, the Ronin network bridge was hacked by similar means. In that case, the attacker made off with more than $600 million in cryptocurrency.
Ankr has since reimbursed victims, and Ronin developer Axie Infinity has promised to do the same.