The Solana-based gaming ecosystem Aurory has suffered a significant breach, resulting in the loss of nearly 80% of the liquidity from its AURY-USDC pool on the decentralized exchange (DEX) Camelot. The attack, which occurred on December 17, targeted Aurory’s SyncSpace bridge, a feature that allows users to transfer items between on-chain and off-chain environments with a single transaction.
Just a few hours ago, our team detected unusual activity on our marketplace. After quickly investigating, we discovered that a bad actor was able to exploit our marketplace’s buy endpoint, allowing them to increase their $AURY balance in SyncSpace. This allowed them to withdraw…
— Aurory (Play Now) (@AuroryProject) December 17, 2023
According to initial reports, the exploit took place around 13:00 UTC, causing the liquidity of the AURY-USDC pool to plummet from $1.5 million to approximately $312,000. This drastic reduction has raised concerns within the crypto community. Aurory’s team had previously stated in an October 2022 blog post that a cross-SyncSpace hack was deemed impossible due to the technology’s requirement for signatures to Sync/DeSync assets.
In response to the incident, a team member named Tim explained via social media that tokens belonging to the team were stolen and sold immediately. The team has been actively buying back the tokens while investigating the breach. They have also promised to release a post-mortem report following the completion of an audit.
The Aftermath of Aurory’s Attack
The attack’s impact was felt across the market, with AURY’s trading price dropping to $1.13 before recovering slightly to $1.23, marking an 11% decrease over the previous 24 hours. The event has sparked discussions among users, with one noting the exploiter’s significant effect on the token’s price chart.
This security breach is part of a series of incidents affecting the crypto industry, including an exploit on the trading platform NFT Trade, which resulted in the theft of nonfungible tokens (NFTs) worth nearly $3 million. Fortunately, the majority of the stolen tokens were returned after the attacker received a 10% bounty.
As the crypto community grapples with these security challenges, the breach of Aurory serves as a reminder of the vulnerabilities within the ecosystem and the importance of robust security measures to protect digital assets.