Hackers strike again, this time targeting decentralized finance protocol.
Raydium, Solana-based Automated Market Maker (AMM) and decentralized finance (DeFi) protocol, was hacked and lost over $4 million.
The company revealed the news on Twitter on December 16th, stating that the exploit affected its liquidity pools.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What is Tezos? XTZ Cryptocurrency Easily Explained (ANIMATED)
Almost seven hours after the initial announcement, Raydium used Twitter to reveal that Raydium's team is working with “3rd-party auditors and teams across Solana to gather additional” information.
In its Twitter thread, the team behind Raydium revealed that the hacker managed to access “the pool owner account” and called “the withdrawalPNL function.” In a nutshell, the function allows collecting protocol or trading fees earned by “swaps in pools.”
Nevertheless, the hacker set “the SyncNeedTake parameters to change the out_put.need_take_pnl for a quote and base tokens in the affected pools to modify expected fees and then withdraw those amounts.”
In total, the hacker stole around $4,395,237 worth of crypto. The malicious actor managed to obtain Raydium (RAY), Lido Staked SOL (stSOL), wrapped Ethereum (whETH), USD Coin (USDC), Solana (SOL), UXD Protocol (UXP), Zebec Protocol (ZBC) and Tether (USDT).
In the tweet, Raydium stated:
As an immediate solution, previous owner authority has been revoked and all program accounts have been updated to new hard wallet accounts. As such, the attacker no longer has access authority and is no longer able to exploit the pools.
It is worth noting that DeFi protocol stated that if a hacker returns all the funds, they will be considered as a white hat hacker and will receive 10% of the total amount (around $440,000).
In a separate blog post shared on December 18th, Raydium overviewed the situation and stated that it will work on “accurately determining the impact of the exploit on the pools for user LP balances and tracking attacker wallets and exploring options for the return of funds.”
