Raydium: The attacker may have obtained the private keys through remote access to the server; Raydium will offer a bounty of 10% of the stolen amount to recover the funds
ChainCatcher reports that Raydium, a decentralized exchange in the Solana ecosystem, has released an investigation report on the hacking incident. The report states that the Pool Owner account, which could extract liquidity pool funds, was initially deployed on a virtual machine with dedicated internal servers, and that there is no evidence that the private key of the Pool Owner account was locally transmitted, shared, transferred, or stored outside of the virtual machine on which it was initially deployed. Preliminary suspicions suggest that the attacker may have remotely accessed the virtual machine or internal server where the account was deployed. The attack involved seven tokens: ETH, USDC, RAY, SOL, stSOL, UXP, and ZBC, with a total amount of approximately $4.4 million.
Raydium stated that patches had previously been deployed to revoke the permissions of the attacked address and transfer those permissions to a cold wallet address. Additionally, unnecessary management parameters were removed yesterday at 18:27 Beijing time to prevent the liquidity pool from being affected. Raydium is currently determining the impact of the hacking incident on the liquidity pool and is also working with the Solana team, third-party auditors, and centralized exchanges to locate the attacker. Raydium is willing to offer 10% of the stolen amount and the stolen RAY as a bounty in exchange for the return of the stolen funds.