In yet another setback for Solana supporters, decentralized exchange Raydium confirmed that it suffered an exploit on Friday.
Early investigations suggest that the hacker managed to take over the protocol’s owner account and used that access to drain funds from the liquidity pools. To prevent further losses, Raydium has paused the owner account’s authority over its automated market maker (AMM) and farm programs.
According to blockchain analytics firm Nansen, within hours, the attacker stole over $2.2 million worth of crypto, including $1.6 million worth of SOL.
At around 2PM, the hacker’s wallet address had over a thousand transactions, each removing liquidity from Raydium without depositing a corresponding LP token.
The exploit, which was first spotted by Prism, kept on draining funds until Raydium stopped owner account access. Prism also warned its users to immediately withdraw their tokens from the exchange.
After a few hours, the hacker bridged the funds to Ethereum and routed them through the crypto mixer Tornado Cash, per crypto sleuth ZachXBT.
Cause of the exploit
According to security auditor Ottersec, the attacker repeatedly invoked the withdraw_pnl function, used by the Solana team to withdraw trading fees, to drain the funds.
Ottersec further said the root cause was likely a private key compromise, but it’s still unclear how the hacker obtained the key.
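The two anomalies the article describes (liquidity removals that are not backed by an LP token deposit, and a privileged fee-withdrawal instruction being invoked over and over from a single key) are both detectable from transaction records. The following is an added example written for this page, not code from Raydium, Nansen or Ottersec. The record format, the field names (`signer`, `instruction`, `lp_burned`, `assets_out`, `ts`), the sample transactions and the thresholds are constructed for the example; only the instruction name `withdraw_pnl` comes from the article.

```python
"""Detection heuristics for the two anomalies described above:
(1) liquidity removals that pay out pool assets without an LP-token burn, and
(2) a burst of privileged fee-withdrawal (withdraw_pnl) calls from one signer.
Record format and sample data are constructed for this example (not chain data).
"""
from collections import defaultdict

# Constructed sample of simplified transaction records.
# "lp_burned"  = LP tokens returned by the caller in that transaction
# "assets_out" = pool assets paid out to the caller
# "ts"         = Unix timestamp of the transaction
SAMPLE_TXS = [
    {"sig": "tx1", "ts": 1000, "signer": "USER_A",   "instruction": "remove_liquidity", "lp_burned": 50, "assets_out": 50},
    {"sig": "tx2", "ts": 1005, "signer": "ADMIN",    "instruction": "withdraw_pnl",     "lp_burned": 0,  "assets_out": 20},
    {"sig": "tx3", "ts": 1010, "signer": "ATTACKER", "instruction": "remove_liquidity", "lp_burned": 0,  "assets_out": 400},
    {"sig": "tx4", "ts": 1011, "signer": "ATTACKER", "instruction": "withdraw_pnl",     "lp_burned": 0,  "assets_out": 300},
    {"sig": "tx5", "ts": 1012, "signer": "ATTACKER", "instruction": "withdraw_pnl",     "lp_burned": 0,  "assets_out": 300},
    {"sig": "tx6", "ts": 1013, "signer": "ATTACKER", "instruction": "withdraw_pnl",     "lp_burned": 0,  "assets_out": 300},
    {"sig": "tx7", "ts": 1014, "signer": "ATTACKER", "instruction": "withdraw_pnl",     "lp_burned": 0,  "assets_out": 300},
    {"sig": "tx8", "ts": 2000, "signer": "ADMIN",    "instruction": "withdraw_pnl",     "lp_burned": 0,  "assets_out": 20},
]


def unbacked_liquidity_removals(txs):
    """Return signatures of remove_liquidity calls that paid out pool assets
    while burning no LP tokens. A legitimate withdrawal is always matched by an
    LP-token burn, so a payout with lp_burned == 0 is the pattern the article
    reports during the drain."""
    return [
        t["sig"] for t in txs
        if t["instruction"] == "remove_liquidity"
        and t["assets_out"] > 0 and t["lp_burned"] == 0
    ]


def privileged_call_bursts(txs, instruction="withdraw_pnl", threshold=3, window=60):
    """Return {signer: peak_count} for signers that invoked a privileged
    instruction more than `threshold` times inside any sliding window of
    `window` seconds. Fee withdrawals by the team are expected to be rare, so a
    burst from one key is a strong signal that the key is no longer under the
    team's sole control. Threshold and window are assumed values."""
    by_signer = defaultdict(list)
    for t in sorted(txs, key=lambda t: t["ts"]):
        if t["instruction"] == instruction:
            by_signer[t["signer"]].append(t["ts"])

    flagged = {}
    for signer, times in by_signer.items():
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits within `window` seconds.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count > threshold:
                flagged[signer] = max(count, flagged.get(signer, 0))
    return flagged


if __name__ == "__main__":
    print("unbacked removals:", unbacked_liquidity_removals(SAMPLE_TXS))
    print("withdraw_pnl bursts:", privileged_call_bursts(SAMPLE_TXS))
```

On the constructed sample, the first check flags `tx3` and the second flags `ATTACKER` with four `withdraw_pnl` calls in a few seconds, while the two widely spaced `ADMIN` calls stay below the threshold. In practice both rules would run over decoded transactions for the program's pools, and the burst rule is the one worth wiring to a pause or alert, since a single compromised owner key is exactly what a program-level authority pause, like the one Raydium applied, is meant to contain.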
At the time of writing, Raydium is still in the process of investigating the issue and hasn’t made any announcements about compensation for the victims.
Admin account exploits have seen a surge recently. Earlier this month, Ankr fell victim to a hack when the deployer’s private key was exposed, costing the firm over $5 million.
In another instance, the Ronin network bridge was hacked for over $600 million in a similar fashion.