Solana’s second-largest decentralized exchange Raydium has disclosed how a hacker gained access to its liquidity pools.

In a post-mortem document on Dec. 18, the Raydium team said that a malicious actor exploited the protocol’s Liquidity Pool V4 at around 10 pm UTC on Friday. The attacker made off with $4.4 million from eight of Raydium’s constant product liquidity pools.

Unlike other DeFi exploits that typically involve smart contract vulnerabilities, the Raydium attacker gained access to the Pool Owner admin account. However, the Raydium team said that there is no evidence that the private key for the Pool Owner account had ever been shared outside the virtual machine where it was deployed.

“An internal security evaluation is ongoing in order to determine the nature and root cause behind the account compromise,” said the Raydium team.

The protocol’s developers have yet to narrow down how the private key was compromised and are currently considering a trojan attack as one possible way in which the attacker gained access.

Developers deployed a hot patch shortly after the protocol was exploited, blocking the exploiter’s ability to further exploit other pools. The team is now pulling snapshots of liquidity provider balances before the hack to determine a proper solution to make them whole. The team also said it has been in contact with a number of Solana teams, third-party auditors and centralized exchanges to trace the attacker’s wallets.

Over the weekend, on-chain analysts identified that the attacker had already begun bridging the stolen funds to Ethereum and sending them to coin-mixer Tornado Cash.

Some users were not completely satisfied with Raydium’s response to the situation, calling for a more thorough investigation of the inner workings of the protocol.

“I see 2 steps listed for action, whereas the very first one needs to be ‘Full internal audit of all systems from third party security vendor’ For all they know, their internal systems could still be compromised [sic],” said one user on Twitter.