Raydium discloses hack details and compensation plan

Raydium team has disclosed the details of the hack on the protocol that took place six days ago and has offered a compensation plan for all affected users.

On December 16, 2022, at 10:12 UTC, a hacker launched an attack on the Raydium Liquidity Pool V4’s authority account by acquiring access to the Pool Owner 1 (Admin) account.

According to the official discourse group post, the hacker accessed eight Raydium constant product liquidity pools, accumulating around 4.4 million USD in stolen cash. To recompense victims who lost RAY, also known as Raydium tokens, the team will spend its own unlocked tokens.

However, the developer lacks the stablecoin and other non-RAY tokens necessary to compensate victims. As a result, it requests a vote from RAY holders to use the DAO treasury to purchase the necessary tokens and recompense people harmed by the exploit.

According to a separate post-mortem report, the attacker’s initial step in the hack was to get access to an admin’s pool private key. The team does not know how this key was obtained, but it believes it was gained via infecting the virtual computer that contained the key with a trojan application.

Once they got the key, the attacker called a function to remove transaction fees that would typically be sent to the DAO’s treasury to be used for RAY buybacks. Transaction fees on Raydium do not always go to the Treasury when a swap occurs. Instead, they hang out in the pool of the liquidity provider until an admin takes them out. But using parameters, the smart contract monitors the sum of fees owed to the DAO. This should have stopped the attacker from being able to withdraw more than 0.03% of the total trading volume that had taken place in each pool since the last transaction.

However, a contract vulnerability allowed the attacker to manually alter the parameters, giving the impression that the whole liquidity pool was made up of transaction fees. The perpetrator was able to take all the money out. After the money was taken out, the hacker could manually exchange it for other tokens and then send the money to other wallets under his or her control.

As a result of the hack, Raydium has been in touch with a number of Solana teams, third-party auditors, and centralized exchanges that have given support and possible clues on the attacker and pertinent accounts. The protocol is collecting snapshots and data for all LP balances and matching position sizes prior to the hack, as well as extrapolating the difference in initial balances caused by the vulnerability.

Additionally, the team has upgraded the app’s smart contracts to remove admin control over the parameters that the attacker exploited.

Read Also:Layer 2 Labs raises $3 million to bring Drivechains to Bitcoin