On December 17, the gaming ecosystem based on Solana, Aurory, experienced a security breach. This incident led to a significant decrease in the liquidity of the AURY-USDC pool on the decentralized exchange (DEX) Carmelot, by almost 80%. This event is commonly referred to as the Aurory USDC pool drained incident.
Understanding the Aurory Breach
Unverified reports from social media platforms suggest that the attack was directed at Aurory’s SyncSpace bridge on Arbitrum’s native DEX Camelot at around 13:00 UTC. This attack resulted in the liquidity of the AURY-USDC pool plummeting from $1.5 million to a mere $312,000. Despite attempts to reach out to Aurory’s team for comments, there has been no response so far.
SyncSpace operates as a bridge for Aurory, facilitating users to transition items between on-chain and off-chain with a single transaction. This feature enables in-game assets, initially off-chain, to be transferred to the blockchain when the user decides to DeSync them. In an October 2022 blog post, Aurory’s team stated that a cross-SyncSpace hack was impossible due to the requirement of signatures to Sync/DeSync assets.
Consequences of the Breach
Following the attack, a team member from Aurory, Tim, revealed in a social media thread that the team’s tokens were stolen and instantly sold. “We’ve been buying back the tokens as we’re investigating what happened,” he said, promising a post-mortem report after an audit is completed.
The AURY token was trading at $1.23 at the time of the incident, marking an 11% decrease within 24 hours. The attack pushed the token price down to $1.13. A user commented on the situation, stating, “The exploiter oppenheimer’d the chart, bottom buyers did 5x in 45m and now the whole pool is whack with very little liquidity.”
Other Security Incidents
The Aurory USDC pool drained incident was not the only security issue over that weekend. On December 16, the NFT Trade trading platform was exploited in two of its old smart contracts, leading to the theft of nonfungible tokens (NFTs) worth nearly $3 million. However, most of the tokens were returned after a 10% bounty was paid to the attacker.
For those interested in staying updated with the latest trends and events in the crypto world, consider using applications like cryptoview.io. This platform offers comprehensive insights and analytics to keep you ahead in the dynamic world of cryptocurrencies.
