The attacker appears to have used the protocol’s own private keys to drain liquidity pools. It’s unclear how they got them.
It’s been a rough holiday season for Solana.
After struggling to recover from debilitating damage wrought on the network by the stunning downfall of one of its most prominent backers, disgraced FTX founder Sam Bankman-Fried, Solana has now suffered a significant hack to one of its largest DeFi protocols.
Early Friday, Solana DeFi protocol Raydium announced that a hacker had managed to take over the organization’s “owner authority,” and used that access to begin draining Raydium’s liquidity pools. DeFi tools allow users to trade, borrow, and lend crypto assets with one another, without third-party intermediaries. And automated market makers like Raydium accomplish this by allowing users to contribute assets to a pool, often in exchange for token rewards.
Within hours today, a hacker stole over $2.2 million worth of digital assets from such a pool on Raydium, including $1.6 million worth of SOL, according to analysis from blockchain analytics firm Nansen.
The hacker appears to have pulled off the attack by using one of the protocol owner’s private keys. It remains unclear how the hacker accessed that information.
Raydium is one of Solana’s largest decentralized finance protocols, and is considered one of the cornerstones of the Solana DeFi ecosystem. The fact that it was vulnerable to such a top-down method of exploitation led many in the Raydium community to advise withdrawing from the protocol entirely.
In the minutes following the hack, Raydium’s native token RAY fell just over 8% to $0.16 at writing, according to CoinGecko. Total value locked on the protocol has plummeted over 27% in the same period, to $34.73 million at writing, according to DeFi Llama.
The exploit comes just a month after several wallets belonging to FTX, then in the throes of collapse, were drained of $650 million in digital assets. Bankman-Fried later claimed the attack, while not his doing, was potentially the work of a former FTX employee. Bankman-Fried was arrested on Monday on eight criminal charges including conspiracy, wire fraud, and money laundering.
In the days following FTX’s collapse, it was revealed that the private keys to Solana decentralized exchange and liquidity provider Serum—co-founded by Bankman-Fried himself—were housed on FTX. Given that Serum was integrated with almost every major Solana DeFi project, including Raydium, the news spread panic across the entire network. Raydium and a number of other protocols rushed to cut ties with Serum, and then jump-start a fork of the project untainted by the FTX fallout.
Friday’s Raydium hack, while not necessarily linked to Serum or FTX, indicates that Solana’s worries are far from over.