Solana’s hack story continues with Raydium Protocol as the new victim

Raydium Protocol, an AMM on Solana’s network, was hacked. The hacker gained owner authority and accessed massive amounts of funds through the protocol’s liquidity pools.

Radiyum Protocol, an order book AMM (Automated market Maker) on the Solana [SOL] network, was hacked on 16 December. Reportedly, the hacker extracted funds from various Raydium liquidity pools without owning or burning any LP tokens.

An exploit on Raydium is being investigated that affected liquidity pools. Details to follow as more is known

⁰Initial understanding is owner authority was overtaken by attacker, but authority has been halted on AMM & farm programs for nowAttacker accnthttps://t.co/ZnEgL1KSwz

— Raydium (@RaydiumProtocol) December 16, 2022

How did the hacker go about it?

Through the help of multiple organizations, the team at Radium Protocol figured out how the attack took place. Allegedly, the hacker took owner authority, through which he could access these funds.

1/ Initial Post-Mortem: Raydium is working w 3rd-party auditors and teams across Solana to gather additional info. As of now, a patch is in place preventing further exploits from the attacker.

The following includes info up to now. Big thanks to all teams providing support https://t.co/yKRdA6BAqv

— Raydium (@RaydiumProtocol) December 16, 2022

The attack stemmed from a Trojan attack that was sent to the pool’s owner account along with a compromised private key. After getting access to the owner’s account, the hacker called a function that collected trading and protocol fees.

There was a comprehensive list of pools that the hacker exploited. Some of these pools included SOL-USDC, SOL-USDT, and RAY-USDC. The overall amount of funds that the hacker left was around $4.3 million.

5/ Pools affected:

SOL-USDCSOL-USDTRAY-USDCRAY-USDTRAY-SOLstSOL-USDCZBC-USDCUXP-USDCwhETH-USDC

Approx total funds exploited by attacker

RAY 1,879,638stSOL 3,214whETH 39.3USDC 1,094,613SOL120,512UXP 21,068,507ZBC9,758,647USDT110,427

Total USD: ~4,395,237

— Raydium (@RaydiumProtocol) December 16, 2022

The stolen assets included SOL, staked SOL, and USDC, among others.

Next steps for Solana

Raydium Protocol’s immediate response was to revoke the account’s owner authority. To incentivize the attacker to return the funds, the developers have kept 10% of the stolen amount as a bounty. If the hackers were to return the funds, they would receive the reward in their account.

7/ If the attacker returns the funds, 10% of the total amount will be offered and considered as a white-hat bug bounty. The attacker is encouraged to reach out through normal channels or via the below address

0x6d3078ED15461E989fbf44aE32AaF3D3Cfdc4a90

— Raydium (@RaydiumProtocol) December 16, 2022

Looking at SOL

With multiple downtimes, FTX exposure, and now, hackers attacking protocols on its ecosystem, Solana could not catch a break in 2022.

Its TVL was massively affected due to these events. According to DeFiLlama, Solana’s TVL decreased from 1.37 billion to $259.74 million in the past four months.

If things continued to move in this direction, it would be extremely difficult for Solana to recover from this crypto winter.

Source: DefiLlama

However, there were a few things that Solana users could be grateful for in these turbulent times.

According to data from SOLSCAN, the fees generated by the Solana network increased over the last seven days. Along with that, the TPS for Solana rose as well.

Source:SOLSCAN

It remains to be seen when Solana’s bad spell will end. SOL, however, was trading at $12.31 at the time of writing. Subsequently, its price fell by 11.95% in the last 24 hours until press time, according to CoinMarketCap.

Read the best crypto stories of the day in less than 5 minutes Subscribe to get it daily in your inbox. Please select your Email Preferences. The Daily Digest The Weekly Digest