Raydium Announced A Detailed Post-Mortem Of Hack
As Coincu reported, Raydium experienced an attack caused by the private key leak of the fund pool owner accounts. Now the patch has been applied and the platform is looking to recover the tokens. The project also announced details of the aftermath and upcoming plans for restoration.
On December 16, 2022, a malicious actor used the Pool Owner account to launch an exploit on the authority account of the Raydium Liquidity Pool V4. OtterSec, a blockchain audit company, also published a description of the attack.
The aforementioned Pool Owner account was first set up on a virtual machine with a separate internal server. Additional investigation has revealed that there is currently no proof that the Pool Owner account’s private key has ever been passed, shared, moved, or kept locally outside of the virtual machine where it was first installed.
According to the Raydium team, the attacker may have gained control of a remote server, and a trojan attack is one possibility.
“Initial suspicions are that the attacker may have gained remote access to the virtual machine or internal server where the account was deployed. The exact intrusion vector has yet to be identified, but a trojan attack may be one possibility.”
The Raydium exploiter account appears to be involved in additional illicit conduct on Solana, according to a preliminary examination. One indicator is a November 7 tweet from cloudzy.sol detailing a wallet exploit totaling 198 SOL, which ultimately ended up in the same account that paid the principal Raydium exploiter wallet described in the initial post-mortem tweet.
Eight constant product liquidity pools on Raydium were compromised, and a total of about $4.4 million in funds was taken. The exploit did not impact RAY staking programs or concentrated liquidity pools, and it had no impact on any other pool or funds on Raydium.
Raydium is assessing the impact of the exploit on user LP balances in the affected pools and tracking attacker wallets, while simultaneously pursuing options for the return of funds.
The team acknowledged that the funds in question are a source of anxiety for all parties but added that more time was needed to gather data and information in order to evaluate all possible future courses of action. More information will be announced as it becomes available.