SOL Plummets 10% Following $2 Million Exploit on Solana-Based DEX

307
Crypto Researcher Reveals The 'Dangers of Solana' as Network Outages Persist
Advertisement
   

SOL token lost 9.5% Friday to trade at $12.82 – according to CoinMarketCap – after Solana-based decentralized exchange Raydium was compromised for $2.2 million. In an afternoon tweet on December 16, Raydium protocol wrote that the hacker overrode owners’ authority in the liquidity pools.

An exploit on Raydium is being investigated that affected liquidity pools,” the tweet read. The post, which included the hacker’s account details, added that the “initial understanding is the attacker overtook owner authority, but the authority has been halted on AMM & farm programs for now.”

The exploit was discovered at around 2 PM UTC on Dec. 16, when Raydium admin posted 1,000 transactions to the Solana network – where each transaction moved liquidity without depositing an equivalent LP token. The vulnerability allowed the bad actor to access the LPs’ funds – draining USDC, Wrapped SOL, and native Raydium token RAY.

Per data from analytics firm Nansen, “The wallet draining LP Pools from Raydium liquidity pools has received over $2.2 million now, including $1.6 million SOL,” the company shared the information on its official Twitter account.

Major platforms on Raydium, including Prism and Compendium, withdraw funds

Responding to the security breach, notable platforms based on Raydium have withdrawn their assets – even as the online crypto community faults the DEX for not having a multisig cold storage.

Advertisement
   

Compendium Foundation announced that it had temporarily withdrawn $CMFI, $USDC, and $SOL liquidity from Raydium following the incident. According to the firm,” the attacker gained access to keys used (for collecting) fees from LP pools, and authority has since been halted.”

PRISM – a DEX aggregator aggregating liquidity sources across Raydium and Solana – has also pulled its fund from the exchange. The platform withdrew PRISM/USDC liquidity from Raydium, urging users to do the same. Per Prism’s account of the events, the malicious wallet was “draining LP pools from Raydium liquidity pools using admin wallet as a signer without burning LP tokens.”

Raydium is a decentralized exchange on Solana that allows users to trade varying cryptocurrencies without intermediaries. According to data from DeFi aggregator DefiLlama, Raydium’s total value locked (TVL) is $36 million – down 98% from a high of $2.21 billion in November before the fall of FTX.