Raydium comes under attack, loses $2M

Solana-based decentralized finance protocol Raydium has suffered an exploit, according to a statement from the developer. An initial investigation by the team revealed that the attacker took over the exchange’s owner account. The team said that “authority” over the automated market maker and farm programs has been paused “for now.”

Quote.

An exploit on Raydium is being investigated that affected liquidity pools. Details to follow as more is known

Initial understanding is owner authority was overtaken by attacker, but authority has been halted on AMM & farm programs for now

Attacker accnt

Raydium (@RaydiumProtocol) December 16, 2022

End of Quote.

Twitter user and researcher ZachXBT reported that the attacker has bridged $2 million to Ethereum “so far.”

Quote.

Then bridged to ETH (~$2m so far)

ZachXBT (@zachxbt) December 16, 2022

End of Quote.

Around 2 p.m. UTC on Dec. 16, a Raydium admin account posted nearly 1,000 transactions to the Solana network.

Each transaction removed liquidity from Raydium without depositing a corresponding LP token, effectively seizing possession of liquidity providers’ funds. A variety of tokens were taken in the exploit, including US Dollar Coin (USDC), Wrapped SOL (wSOL), Raydium, and others.

Transactions from the admin wallet that was used in the attack. Source: Solscan.io

The exploit appears to have first been discovered by the Prism dev team. They posted a warning at 2:01 that an attacker was draining liquidity from Raydium without depositing and burning LP tokens. Prism warned its users to withdraw their Prism and USDC tokens from the exchange immediately.

Quote.

There seems to be a wallet draining LP Pools from Raydium liquidity pools using admin wallet as a signer without having/burning LP tokens.

We withdrew protocol provided PRISM/USDC liquidity from Raydium

WITHDRAW YOUR PRISM/USDC LIQUIDITY FROM RAYDIUM

— PRISM (@prism_ag) December 16, 2022

End of Quote.

40 minutes later, the Raydium team took to Twitter to confirm that the exchange had been hacked.

According to crypto auditing firm Ottersec, the attacker has drained funds by invoking the withdraw_pnl function on the contract, which is used by the developer to withdraw fees. The firm did not say whether this function can be used to withdraw all liquidity or only a small percentage from the pools.
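The pattern reported above (liquidity leaving pools with no LP token deposited or burned, signed by one admin account) can be expressed as a monitoring rule. The following is an added example, not code from Raydium, Prism or Ottersec; the record schema, field names, signer labels and amounts are constructed assumptions, not Solscan or Solana RPC output.

```python
from collections import defaultdict

# Constructed sample records in a hypothetical, simplified schema.
# vault_delta: signed change of the pool's vault balances (negative = left the pool).
SAMPLE_TXS = [
    {"sig": "tx1", "signer": "user_A", "pool": "PRISM/USDC",   # normal liquidity removal
     "vault_delta": {"PRISM": -500, "USDC": -40}, "lp_burned": 120},
    {"sig": "tx2", "signer": "admin_X", "pool": "PRISM/USDC",  # outflow, no LP burned
     "vault_delta": {"PRISM": -9000, "USDC": -700}, "lp_burned": 0},
    {"sig": "tx3", "signer": "admin_X", "pool": "SOL/USDC",
     "vault_delta": {"wSOL": -300, "USDC": -4100}, "lp_burned": 0},
    {"sig": "tx4", "signer": "user_B", "pool": "SOL/USDC",     # swap: one side flows in
     "vault_delta": {"wSOL": 10, "USDC": -135}, "lp_burned": 0},
    {"sig": "tx5", "signer": "admin_X", "pool": "RAY/USDC",
     "vault_delta": {"RAY": -1200}, "lp_burned": 0},
]


def unbacked_withdrawals(txs):
    """Transactions where tokens left the vaults, nothing came in, and no LP was burned."""
    flagged = []
    for tx in txs:
        deltas = tx.get("vault_delta", {}).values()
        drained = any(d < 0 for d in deltas)
        funded = any(d > 0 for d in deltas)   # a swap pays one token into the pool
        if drained and not funded and tx.get("lp_burned", 0) <= 0:
            flagged.append(tx)
    return flagged


def alerts_by_signer(txs, min_pools=2):
    """Group flagged transactions by signer; alert when one signer touches several pools."""
    per_signer = defaultdict(lambda: {"sigs": [], "pools": set(), "tokens": defaultdict(int)})
    for tx in unbacked_withdrawals(txs):
        entry = per_signer[tx["signer"]]
        entry["sigs"].append(tx["sig"])
        entry["pools"].add(tx["pool"])
        for token, amount in tx["vault_delta"].items():
            entry["tokens"][token] += -amount   # amount is <= 0 for flagged transactions
    return {
        signer: {"sigs": e["sigs"], "pools": sorted(e["pools"]), "tokens": dict(e["tokens"])}
        for signer, e in per_signer.items()
        if len(e["pools"]) >= min_pools
    }


if __name__ == "__main__":
    for signer, detail in alerts_by_signer(SAMPLE_TXS).items():
        print(signer, detail)
```

A legitimate fee withdrawal by the developer would also match the first rule, which is why the alert is keyed on one signer hitting several pools rather than on a single transaction.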

Nansen Portfolio, a crypto analytics firm, has confirmed that the attacker drained over $2.2 million from the exchange.

Quote.

The wallet draining LP Pools from Raydium liquidity pools has received more than $2.2M, including $1.6M $SOL

Follow here: pic.twitter.com/OAQJgaq5Mc

— Nansen Portfolio (@nansenportfolio) December 16, 2022

End of Quote.

At the time of writing, the Raydium team is still investigating the exploit and has not yet announced whether compensation will be offered to victims of the attack.

Compromises of administrator accounts have recently become a persistent problem in the crypto space. On Dec. 2, the deployer key of the Ankr protocol was stolen, and the attacker used it to withdraw $5 million worth of BNB. Earlier in the year, the Ronin network bridge was hacked in a similar way. In that case, the attacker made off with more than $600 million in cryptocurrency.

Ankr has reimbursed the affected users, and Ronin developer Axie Infinity has promised to do the same.