Solana-based DEX Raydium released an initial report on the hack it suffered, saying that the exploit appears to stem from a trojan attack and a compromised private key for the pool owner's account. The total loss is around $4.395m. Raydium has released a patch to prevent further exploits from the attacker.
According to Raydium, the attacker accessed the pool owner account and was then able to call the withdrawalPNL function, which is used to collect trading fees earned by swaps in pools. The attacker was also able to set the SyncNeedTake parameters to change the out_put.need_take_pnl for quote and base tokens in the affected pools in order to modify expected fees and then withdraw those amounts. Nine pools were affected, including SOL-USDC, SOL-USDT, RAY-USDC, and RAY-USDT, and the total loss is around $4.395m.
Raydium has revoked the previous owner authority and updated all program accounts to new hard wallet accounts, so the attacker no longer has access authority. Raydium said that if the attacker returns the funds, 10% of the total amount will be offered and considered as a white-hat bug bounty.