Aurory purchased the stolen funds back from the hacker on a decentralized exchange<\/p>\n
Aurory, a Solana-based Pokemon-inspired web3 game, lost around $830,000 worth of its native tokens to a bridge exploit.<\/p>\n
On Dec. 17, the project reported<\/a> that a hacker had compromised the \u201cbuy endpoint\u201d for its Aurory Marketplace, allowing the attacker to increase their balance of AURY tokens in SyncSpace<\/a> \u2014 Aurory\u2019s \u201chybrid on-chain\/off-chain inventory system\u201d that also facilitates asset bridging between Solana and Arbitrum.<\/p>\n The perpetrator behind the exploit was able to siphon 600,000 AURY (worth $830,000 at the time) from an Aurory team-controlled wallet. The tokens were moved to Arbitrum for sale via the Camelot decentralized exchange.<\/p>\n Aurory responded by taking SyncSpace offline to patch the vulnerability, and used its market maker to purchase all of the stolen AURY. Liquidity for the AURY\/USDC pool on Camelot fell 80% from $1.5M amid the incident.<\/p>\n \u201cThe exploiter does not have any more AURY left to sell,\u201d Aurory tweeted. \u201cWe swiftly moved to absorb sell pressure through our market maker and through pool rebalancing.\u201d<\/p>\n Aurory emphasized that no user assets were impacted and there is no threat of further losses. The AURY token is down 20% since the exploit began, according to CoinGecko.<\/p>\n Aurory said it will restore SyncSwap functionality \u201cin the coming days\u201d after the vulnerability has been patched. The exploit occurred despite Aurory previously engaging Ottersec, a web3 security firm, for code auditing. Aurory integrated<\/a> support for Arbitrum via SyncSpace in July.<\/p>\n