Raydium suffered a loss of $4.395 million due to an exploit likely caused by the loss of a private key.
On December 16, 2022, Raydium suffered a total loss of approximately $4.395 million due to an exploit affecting multiple liquidity pools, likely caused by the loss of a private key.
Raydium is an AMM built on the Solana blockchain that utilises a central limit order book to facilitate lightning-fast trades, shared liquidity, and new yield-earning features.
The vulnerability likely resulted from a Trojan horse attack that compromised the owner's private key to the liquidity pool.
After the incident, Raydium deployed a hot patch, or stub, for an existing dependency for all programs, which means that the compromised account's authority was revoked and updated to a new account held on a hardware wallet.
Furthermore, the Raydium AMM V4 program was upgraded using Squads multisig to remove unnecessary admin parameters that could potentially impact funds if compromised.
The team has released the full transaction history as well as the amount of funds lost to the exploiter. The team has also asked the attacker to return the exploited funds, offering 10% of them as a white-hat bug bounty.
Blockchain teams frequently focus their entire attention on securing their smart contracts through stringent audits, bounty programs, and many other measures. However, infrastructure security, a critical component of securing all such platforms, is often left out. The web3 space is typically filled with software engineering, marketing, or project management positions, while cyber security specialists who can help a team deploy, secure, and isolate its services are excluded.
Using network segmentation, a team can limit the propagation of a Trojan within its network and make it more difficult for an attacker to move laterally. Another vital step in closing off vulnerabilities that an attacker can exploit is to ensure that the team is running the latest non-vulnerable versions of software, packages, and operating systems. It is also essential to use security software that can scan a system for malware and remove any detected threats.
It is critical to change the password or reconfigure the account as a whole to prevent future unauthorized access. Even if an attacker has obtained a password, two-factor authentication methods can go a long way toward preventing unauthorized access to accounts.
The impact or aftermath of this attack could have been significantly reduced if Raydium had a dedicated cover pool in the Neptune Mutual marketplace. We have our standard terms and conditions in place that provide coverage for different types of DeFi exploits; however, we are open to making exceptions in some cases.
Users who purchase our parametric cover policies do not need to provide loss evidence in order to receive payouts. Payouts can be claimed as soon as an incident like this is resolved through our governance system.
It is also important to keep in mind that prevention is always better than cure. Auditing the smart contracts for vulnerabilities is insufficient due to the existence of varying attack vectors. Neptune Mutual's security team can also assess your preferred protocol for DNS and web-based security, smart contract evaluations, frontend and backend security, intrusion detection and prevention, and other security assessments.