Solana-based decentralized finance protocol Raydium has suffered<\/a> an exploit, according to a statement from the developer. An initial investigation by the team revealed that the attacker took over the exchange\u2019s owner account. The team said that \u201cauthority\u201d over the automated market maker and farm programs has been paused \u201cfor now.\u201d<\/p>\n An exploit on Raydium is being investigated that affected liquidity pools. Details to follow as more is known<\/p>\n \u2070Initial understanding is owner authority was overtaken by attacker, but authority has been halted on AMM & farm programs for now \u2014 Raydium (@RaydiumProtocol) December 16, 2022<\/a><\/p><\/blockquote>\n Twitter user and researcher ZachXBT reported<\/a> that the attacker has bridged $2 million to Ethereum \u201cso far.\u201d<\/p>\n Then bridged to ETH (~$2m so far)https:\/\/t.co\/3OYxDThv7I<\/a><\/p>\n \u2014 ZachXBT (@zachxbt) December 16, 2022<\/a><\/p><\/blockquote>\n Around 2 p.m. UTC on Dec. 16, a Raydium admin account posted<\/a> nearly 1,000 transactions to the Solana network.<\/p>\n Each transaction removed liquidity from Raydium without depositing a corresponding LP token, effectively seizing possession of liquidity providers\u2019 funds. A variety of tokens were taken in the exploit, including US Dollar Coin (USDC), Wrapped SOL (wSOL), Raydium, and others.<\/p>\n The exploit appears to have first been discovered by the Prism dev team. They posted a warning at 2:01 that an attacker was draining liquidity from Raydium without depositing and burning LP tokens. Prism warned its users to withdraw their Prism and USDC tokens from the exchange immediately. <\/p>\n There seems to be a wallet is draining LP Pools from Raydium liquidity pools using admin wallet as a signer without having\/burning LP tokens.<\/p>\n We withdrew protocol provided PRISM\/USDC liquidity from Raydium<\/p>\n WITHDRAW YOUR PRISM\/USDC LIQUIDITY FROM RAYDIUM<\/p>\n \u2014 PRISM (@prism_ag) December 16, 2022<\/a><\/p><\/blockquote>\n 40 minutes later, the Raydium team took to Twitter to confirm that the exchange had been hacked.<\/p>\n According to crypto auditing firm Ottersec, the attacker has drained funds by invoking<\/a> the withdraw_pnl function on the contract, which is used by the developer to withdraw fees. The firm did not say whether this function can be used to withdraw all liquidity or only a small percentage from the pools.<\/p>\n Nansen Portfolio, a crypto analytics firm, has confirmed that the attacker drained over $2.2 million from the exchange.<\/p>\n The wallet draining LP Pools from Raydium liquidity pools has received over $2.2M now, including $1.6M $SOL<\/a><\/p>\n Track here: https:\/\/t.co\/IQedsOstPE<\/a> pic.twitter.com\/OAQJgaq5Mc<\/a><\/p>\n \u2014 Nansen Portfolio (@nansenportfolio) December 16, 2022<\/a><\/p><\/blockquote>\n At the time of writing, the Raydium team is still investigating the exploit and has not yet announced whether compensation will be offered to victims of the attack.<\/p>\n Admin account hacks have been a recurring problem in the crypto space recently. On Dec. 2, Ankr protocol\u2019s deployer key was stolen<\/a>, and the attacker used it to remove $5 million worth of BNB. Earlier in the year, the Ronin network bridge was hacked by similar means<\/a>. In this case, the attacker ran off with over $600 million of crypto loot. <\/p>\n Ankr has since reimbursed victims<\/a>, and Ronin developer Axie Infinity has pledged that it will do the same<\/a>.<\/p>\n<\/div>\n\n
Attacker accnthttps:\/\/t.co\/ZnEgL1KSwz<\/a><\/p>\n\n
![](\"https:\/\/s3.cointelegraph.com\/uploads\/2022-12\/d25b124f-16d7-46a1-9bf6-c7d81e68756a.png\")
\n
\n