Raydium Protocol Hit by $2M Liquidity Pool Attack

DeFi protocol Raydium was the victim of a liquidity pool exploit on Friday. The attack appears to have compromised approximately $2M in funds.

Their initial understanding is that the attacker took over the exchange’s admin account. The Solana-based protocol says that “authority” over automated market maker and farm programs has now been temporarily frozen.

After these events, Raydium has since published a list of affected wallets.

Also ,the suspicious activity began when a Raydium admin account removed significant liquidity from the protocol. In total, there were almost 1,000 transactions on the Solana network that did not replace it with the necessary LP token.

Prism Identified The Attack

In essence, this means the liquidity provider’s funds were stolen. Potentially risking the viability of the protocol. The assailant took a variety of tokens, including US Dollar Coin (USDC), Wrapped SOL (wSOL), and Raydium.

An exploit on Raydium is being investigated that affected liquidity pools. Details to follow as more is known
⁰Initial understanding is owner authority was overtaken by attacker, but authority has been halted on AMM & farm programs for now
Attacker accnthttps://t.co/ZnEgL1KSwz
— Raydium (@RaydiumProtocol) December 16, 2022

Fortunately, the Prism team was able to quickly identify the attack. At 14:01 UTC, they alerted the community that someone was draining liquidity from Raydium without properly storing or burning LP tokens.

In response, Prism immediately issued a warning to its users to withdraw their Prism and USDC tokens from the decentralized exchange as a precautionary measure. Overall, the team’s quick action and communication helped mitigate the potential impact of the attack.

Following these, Raydium confirmed the attack at 14:41 UTC.

🚨🚨🚨🚨🚨
There seems to be a wallet is draining LP Pools from Raydium liquidity pools using admin wallet as a signer without having/burning LP tokens.
We withdrew protocol provided PRISM/USDC liquidity from Raydium
WITHDRAW YOUR PRISM/USDC LIQUIDITY FROM RAYDIUM
— PRISM (@prism_ag) December 16, 2022

The “Post-Mortem”

According to the protocol’s official Twitter account, Raydium is investigating alongside teams from Solana and third-party auditors. As of 21:12 UTC, Raydium have implemented a patch covering their vulnerability.

1/ Initial Post-Mortem: Raydium is working w 3rd-party auditors and teams across Solana to gather additional info. As of now, a patch is in place preventing further exploits from the attacker.
The following includes info up to now. Big thanks to all teams providing support https://t.co/yKRdA6BAqv
— Raydium (@RaydiumProtocol) December 16, 2022

In the wake of the attack becoming public, the protocol has promptly taken action by revoking the previous owner privileges and replacing “all program accounts with new hard wallet accounts.” Additionally, the protocol has reassured users that it has effectively neutralized the attacker’s threat to the liquidity of the system. Overall, the protocol has taken swift and decisive action to protect its users and restore confidence in the system.

Raydium has invited the perpetrator to return all funds in return for a “white-hat bug bounty”. The attacker can make contact through the “normal channels” or via the address:

0x6d3078ED15461E989fbf44aE32AaF3D3Cfdc4a90

Disclaimer

BeInCrypto has reached out to company or individual involved in the story to get an official statement about the recent developments, but it has yet to hear back.

Source: https://beincrypto.com/raydium-protocol-suffers-a-2m-liquidity-pool-attack/