Raydium - REKT



The latest entry on our leaderboard comes from a post-FTX wasteland, once a promising hive of VC-backed dev activity.

On Friday, Raydium, a Solana-based AMM, lost a total of ~$4.4M in fees from its liquidity pools.

The alarm was raised by the DEX aggregator PRISM, also on Solana:

There seems to be a wallet draining LP Pools from Raydium liquidity pools using admin wallet as a signer without having/burning LP tokens.

We withdrew protocol provided PRISM/USDC liquidity from Raydium

WITHDRAW YOUR PRISM/USDC LIQUIDITY FROM RAYDIUM

The official announcement came 40 minutes later, stating that “authority has been halted on AMM & farm programs for now”. In a follow-up post, the team assured users that “a patch is in place preventing further exploits from the attacker”.

While this incident doesn’t look to have caused a total protocol meltdown, losing millions is never a good look.

But who’s still using Solana anyway?

Credit: Raydium, OtterSec

According to OtterSec, the incident appears to have been down to a compromised private key to the owner account of Raydium contracts.

Raydium suspect “a trojan attack and compromised private key for the pool owner account”.

The account had authority over certain functions of Raydium’s pools, allowing the attacker to drain accumulated trading/protocol fees via the withdraw_pnl instruction. The hacker also changed the SyncNeedTake parameter to increase expected fees and withdraw extra funds.
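One way a monitoring job could flag the pattern described above, added here as an example and not taken from Raydium or OtterSec. The record schema, the `param_change` label, the account names and the thresholds are assumptions; only `withdraw_pnl`, `SyncNeedTake` and the pool names come from the article.

```python
# Constructed, simplified records of decoded owner-authority instructions.
# Field names, "param_change", account labels and timestamps are assumptions
# for illustration; real transactions must be decoded into this shape first.
ALLOWED_FEE_DEST = {"protocol_fee_account"}  # hypothetical allow-list
WINDOW = 600        # seconds used for correlation
BURST_POOLS = 3     # distinct pools drained within WINDOW

EVENTS = [
    {"ts": 1000, "ix": "withdraw_pnl", "pool": "SOL-USDC", "dest": "protocol_fee_account"},
    {"ts": 90000, "ix": "param_change", "param": "SyncNeedTake", "pool": "RAY-USDC"},
    {"ts": 90030, "ix": "withdraw_pnl", "pool": "RAY-USDC", "dest": "unknown_wallet"},
    {"ts": 90060, "ix": "withdraw_pnl", "pool": "SOL-USDT", "dest": "unknown_wallet"},
    {"ts": 90090, "ix": "withdraw_pnl", "pool": "RAY-SOL", "dest": "unknown_wallet"},
]

def detect(events, allowed_dest=ALLOWED_FEE_DEST):
    """Return (ts, rule, pool) alerts for owner-signed fee activity."""
    alerts = []
    param_changed = {}  # pool -> time of last SyncNeedTake change
    recent = []         # (ts, pool) of withdraw_pnl calls inside WINDOW
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts, pool = e["ts"], e["pool"]
        if e["ix"] == "param_change" and e.get("param") == "SyncNeedTake":
            param_changed[pool] = ts
            alerts.append((ts, "PARAM_CHANGE", pool))
        elif e["ix"] == "withdraw_pnl":
            if e["dest"] not in allowed_dest:
                alerts.append((ts, "UNEXPECTED_DEST", pool))
            if pool in param_changed and ts - param_changed[pool] <= WINDOW:
                alerts.append((ts, "WITHDRAW_AFTER_PARAM_CHANGE", pool))
            recent = [(t, p) for t, p in recent if ts - t <= WINDOW]
            recent.append((ts, pool))
            if len({p for _, p in recent}) >= BURST_POOLS:
                alerts.append((ts, "MULTI_POOL_BURST", pool))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The first constructed record is a routine fee withdrawal to the expected account and raises nothing; the later records trip every rule because the owner key is used for a parameter change followed by withdrawals from several pools to an unlisted destination.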

The following pools were affected for a total protocol loss of $4.4M:

SOL-USDC

SOL-USDT

RAY-USDC

RAY-USDT

RAY-SOL

stSOL-USDC

ZBC-USDC

UXP-USDC

whETH-USDC

The majority of funds were bridged to Ethereum, swapped to ETH and have been deposited into Tornado Cash. 100k SOL ($1.4M) remains in the attacker’s Solana address.

Attacker’s SOL address AgJddDJLt17nHyXDCpyGELxwsZZQPqfUsuwzoiqVGJwD

Attacker’s ETH address 0x7047912c295cd54d6617b5d0d6d8b324a11c91db

As ever with cases of “compromised keys” we must ask ourselves if this could simply have been an insider looking for a bit on the side.

The bear market promises a long, tough road ahead for many smaller teams, especially in this context...

The future of Solana feels uncertain.

Following the collapse of FTX and downfall of the now-imprisoned SBF with whom the ecosystem was so closely associated, it’s easy to see how an ecosystem dev might be sick from the fallout and be tempted to take the easy way out.

As with so many of the cases we’ve covered, we’ll likely never know.

Who’s next?

