Raydium Exploiter Drains Millions from Liquidity Pools
- Raydium liquidity pools were exploited today for millions of dollars.
- While the exact amount taken is still uncertain, the exploiter currently has over $1.4 million in their Solana wallet.
- They also laundered $2.5 million in ETH through Tornado Cash.
Share this article
Leading Solana decentralized exchange Raydium saw some of its liquidity pools drained of their funds today after an attacker gained special authority over the protocol’s smart contracts.
Solana decentralized exchange Raydium has just suffered an exploit.
According to Solana swap aggregator Prism, which first noticed the hack, earlier today an entity began draining liquidity pools on Raydium using an admin wallet. Security firm OtterSec later hypothesized that the attacker somehow gained access to private keys granting access to Raydium smart contracts.
It’s still unclear how much was drained from Raydium liquidity pools. However, at the time of writing the attacker still had over $1.4 million in their Solana wallet, mostly in SOL and stSOL tokens. The exploiter also bridged over a significant portion of the funds to Ethereum, and sent more than 2,090 ETH (worth roughly $2.5 million) through privacy protocol Tornado Cash.
The Raydium development team announced on Twitter that it believed “owner authority was overtaken by [the] attacker,” confirming Prism and OtterSec’s analyses. This authority has since been revoked; however, Raydium has yet to publish a proper post-mortem, or officially declare the attack over.
Despite suffering the exploit, Raydium still boasts of multiple liquidity pools with millions of dollars worth of liquidity, including its RAY-USDC, SOL-USDC, RAY-SOL, RAY-USDT, and USDT-USDC pools. Data from DeFiLlama indicates that the protocol still holds over $34.7 million in assets. It’s therefore unlikely for the hack to have been fatal to the project.
Raydium’s native token RAY is currently down over 10% on the daily.
This story is developing and will continue to be updated.
Disclaimer: At the time of writing, the author of this piece owned BTC, ETH, and several other crypto assets.