Decentralized exchange (DEX) Raydium sustains a loss amounting to $2 million over an owner authority attack. The decentralized finance (DeFi) protocol subsequently pauses automated market maker (AMM), liquidity pools, and farm programs’ “authority.”
The investigation by Raydium unveils the said attacker managed to take control of Raydium owner’s account.
The DEX protocol, based on the Solana blockchain, released an official statement on the incident via a tweet:
The account of their liquidity protocol (LP) attacker is also exposed by Raydium in their official tweet on the incident. Maliciously acquired cryptocurrencies worth $2 million are parked in the culprit hacker’s account.
A premier Solana DeFi platform, Raydium lets users trade various cryptocurrencies with no intermediary.
Numbers from Raydium reveal $45 million locked in its trading pools. The past 24 hours’ trade volume of the Raydium exchange stands at $4 million.
An alert on the said incident in question was reportedly first released by the developers team of Prism. Prism then advised its users to withdraw their cryptocurrencies from the Raydium exchange.
Prism flagged the instance of the attacker removing the Raydium liquidity whilst not depositing and burning the LP tokens.
Prism subsequently withdrew the PRISM/USDC liquidity protocol they had with Raydium.
Several firms working on crypto analytics and auditing ensued with their findings.
Worth mentioning is Ottersec (a crypto auditing firm), revealing the culprit invoked the ‘withdraw_pnl’ function on the contract to drain the funds. This ‘withdraw_pnl’ function facilitates the developer to withdraw fees.
Cryptocurrency analytics firm, Nansen Portfolio, revealed the culprit removed over $2.2 million from the Raydium exchange. In it, $1.6 million were in Solana (SOL), per Nansen.
Official investigation by Raydium is still underway at press time, whether or not reimbursements to the attack sufferers would be made is unknown.