DeFi protocol Raydium was the victim of a liquidity pool exploit on Friday. The attack appears to have compromised approximately $2M in funds.
Their initial understanding is that the attacker took over the exchange’s admin account. The Solana-based protocol says that “authority” over automated market maker and farm programs has now been temporarily frozen.
After these events, Raydium has since published a list of affected wallets.
Also ,the suspicious activity began when a Raydium admin account removed significant liquidity from the protocol. In total, there were almost 1,000 transactions on the Solana network that did not replace it with the necessary LP token.
Prism Identified The Attack
In essence, this means the liquidity provider’s funds were stolen. Potentially risking the viability of the protocol. The assailant took a variety of tokens, including US Dollar Coin (USDC), Wrapped SOL (wSOL), and Raydium.
Fortunately, the Prism team was able to quickly identify the attack. At 14:01 UTC, they alerted the community that someone was draining liquidity from Raydium without properly storing or burning LP tokens.
In response, Prism immediately issued a warning to its users to withdraw their Prism and USDC tokens from the decentralized exchange as a precautionary measure. Overall, the team’s quick action and communication helped mitigate the potential impact of the attack.
Following these, Raydium confirmed the attack at 14:41 UTC.
The “Post-Mortem”
According to the protocol’s official Twitter account, Raydium is investigating alongside teams from Solana and third-party auditors. As of 21:12 UTC, Raydium have implemented a patch covering their vulnerability.
In the wake of the attack becoming public, the protocol has promptly taken action by revoking the previous owner privileges and replacing “all program accounts with new hard wallet accounts.” Additionally, the protocol has reassured users that it has effectively neutralized the attacker’s threat to the liquidity of the system. Overall, the protocol has taken swift and decisive action to protect its users and restore confidence in the system.
Raydium has invited the perpetrator to return all funds in return for a “white-hat bug bounty”. The attacker can make contact through the “normal channels” or via the address:
0x6d3078ED15461E989fbf44aE32AaF3D3Cfdc4a90
Disclaimer
BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.
Source: https://beincrypto.com/raydium-protocol-suffers-a-2m-liquidity-pool-attack/