Solana-based Aurory, a game similar to Pokemon, experienced a significant hack in which the attacker stole approximately 600,000 AURY tokens, worth around $830,000 at the time. The attack targeted the SyncSpace Aurory bridge, causing the game to lose 80% of its liquidity from its AURY-USDC pool, decreasing its value from $1.5 million to $312,000.
Aurory developers took immediate action by disabling the SyncSpace blockchain bridge that connects the game to the Ethereum scaling network Arbitrum and the Solana ecosystem. The executive producer, Jonathan Campeau, stated that the team is working on a fix and will soon release a global patch for its backend services to resolve the issue.
The official statement released by the Aurory team confirmed that they detected unusual activity on their marketplace and conducted an investigation, revealing a hacker’s exploitation of the marketplace’s buy endpoint. This allowed the hacker to increase their AURY token balance and withdraw nearly 600,000 tokens to the Arbitrum network. The attacker then sold the stolen tokens in the market.
Furthermore, the team disabled the SyncSpace bridge, temporarily preventing asset deposits and withdrawals until the bridge is restored. The exploit resulted in an 80% drop in liquidity within the AURY-USDC pool on the Camelot decentralized exchange. The AURY token’s price also experienced a significant decline of 17% but later rebounded to approximately $1.22.
The team assured users that their funds were secure and stated that the stolen funds came from a wallet that funds withdrawals for accounts without previous AURY deposits. The exploit is no longer ongoing due to the disabling of the SyncSpace bridge. Additionally, the team plans to release a postmortem analysis of the exploit to identify how the vulnerability evaded detection despite an expert audit.
In conclusion, Aurory, a Solana-based game, suffered a substantial hack resulting in the theft of AURY tokens. The team deactivated the affected blockchain bridge, investigated the exploit, and ensured user funds remained secure. Although the attack caused a drop in liquidity and token price, the team is resolving the issue and conducting a thorough investigation into the vulnerability. Stay tuned for updates on their fix and detailed postmortem analysis.