The team said authority over automated market making and farming programs has been suspended “for now.”
Solana-based decentralized finance protocol Raydium has suffered an exploit, according to a statement from the developer. An initial investigation by the team revealed that the attacker had taken over the exchange's owner account. The team said “authority” over automated market maker and farm programs has been suspended “for now.”
Twitter user and researcher ZachXBT reported that the attacker had “so far” accrued $2 million in Ethereum.
Around 2 p.m. on December 16 UTC, a Raydium administrator account recorded nearly 1,000 transactions on the Solana network.
Each transaction withdrew liquidity from Raydium without depositing a corresponding LP token, thus seizing funds from liquidity providers. Various tokens were caught in the exploit, including US Dollar Coin (USDC), Wrapped SOL (wSOL), Raydium and others.
Transactions from the admin wallet used in the attack. Source: Solscan.io
The exploit appears to have been first discovered by the Prism development team. They issued an alert at 2:01 a.m. stating that an attacker was draining liquidity from Raydium without depositing or burning LP tokens. Prism has warned its users to immediately withdraw their Prism and USDC tokens from the exchange.
40 minutes later, the Raydium team took to Twitter to confirm that the exchange had been hacked.
According to crypto auditing firm Ottersec, the attacker withdrew funds by calling the contract function draw_pnl, which is used by the developer to withdraw fees. The company did not specify whether this feature could be used to take all or only a small percentage of the pools’ liquidity.
Nansen Portfolio, a crypto analytics firm, confirmed that the attacker embezzled over $2.2 million from the exchange.
As of this writing, the Raydium team is still investigating the exploit and has yet to announce whether compensation will be offered to victims of the attack.
Admin account hacks have been a recurring issue in the crypto space lately. On December 2, the Ankr protocol deployment key was stolen and the attacker used it to remove $5 million from BNB. Earlier this year, the Ronin Network Bridge was similarly hacked. In this case, the attacker got away with over $600 million in crypto loot.
Ankr has since compensated the victims, and Ronin developer Axie Infinity has promised to do the same.