January 26, 2023

The DeFi protocol Raydium was the victim of a liquidity pool abuse on Friday. The attack appears to have compromised about $2 million in funds.

Raydium's initial understanding is that the attacker took over the exchange’s admin account. The Solana-based protocol says “authority” over its automated market maker and farm programs is now temporarily frozen.

Raydium has since published a list of the affected wallets.

The suspicious activity started when a Raydium admin account drained significant liquidity from the protocol. In total, almost 1,000 transactions on the Solana network withdrew liquidity without supplying the necessary LP tokens in exchange.

Prism identified the attack

Essentially, this means that liquidity providers’ funds have been stolen, potentially jeopardizing the viability of the protocol. The attacker took several tokens, including USD Coin (USDC), Wrapped SOL (wSOL), and Raydium.

Fortunately, the Prism team was able to quickly identify the attack. At 14:01 UTC, they warned the community that someone was draining liquidity from Raydium without properly depositing or burning LP tokens.

In response, Prism immediately issued a warning to its users to withdraw their Prism and USDC tokens from the decentralized exchange as a precaution. Overall, the team’s quick action and communication helped mitigate the potential impact of the attack.

After this, Raydium confirmed the attack at 14:41 UTC.

The “post mortem”

According to the protocol’s official Twitter account, Raydium is investigating alongside teams from Solana and third-party auditors. As of 21:12 UTC, Raydium has deployed a patch that addresses the vulnerability.

After the attack became public, the protocol took immediate action by revoking the previous owner’s privileges and “replacing all program accounts with new hard wallet accounts”. In addition, the protocol has reassured users that it has effectively neutralized the attacker’s threat to system liquidity. Overall, the protocol has taken swift and decisive action to protect its users and restore trust in the system.

Raydium invited the attacker to return all funds in exchange for a “white-hat bug bounty”. The attacker can contact the team via the “normal channels” or via the address:

0x6d3078ED15461E989fbf44aE32AaF3D3Cfdc4a90

Disclaimer

BeInCrypto has reached out to the company or individual involved in the story to get an official statement on recent developments, but it has not yet heard back.
