Halborn Logo

// Blog

Explained: Hacks

Explained: The Raydium Hack (November 2022)


Rob Behnke

December 22nd, 2022

In November 2022, Raydium was the victim of an attack. The attacker gained access to the private key that managed project pools, allowing them to drain approximately $4,395,000 in tokens from the affected pools.

Inside the Attack

The Raydium hack began with a Trojan attack against the manager of project pools. Using the trojan, the attacker was able to gain access to the private key of the account that controlled these pools.

With control over this account, the attacker could access privileged functionality within the pools. This includes the withdrawalPNL function, which managed fees for the pool. The attacker was able to modify the parameters within this function to adjust the anticipated fees and then use the function to drain value from vulnerable pools. By exploiting nine pools on the platform, the attacker drained over $4,395,000 from the protocol.

Lessons Learned From the Attack

The Raydium hack is one of a series of hacks in which attackers have gained access to private keys and used them to exploit privileged functionality within a protocol. The use of multi-signature wallets or a decentralized governance scheme — where no single account has such significant power over a contract — would reduce the risk of these types of hacks.

Centralized governance and similar potential vulnerabilities can be identified as part of a smart contract audit. To learn more about keeping your project’s contracts safe, reach out to our Web3 security experts at halborn@protonmail.com.