
Post-mortem analysis: Solana asset manager exploit

ICON Foundation

August 5, 2025


Full Story

At the end of last week, there was a security breach in our legacy Solana deployment – currently serving Balanced and including ICON Network-Owned Liquidity (NOL). The attacker exploited the Solana asset manager contract, draining approximately 1,450 SOL and 78 JitoSOL. No other spoke-chains or assets (such as bnUSD, sICX, or BALN) were impacted.

Despite audits across our entire codebase, blockchain exploits remain an ongoing risk in the space – making it necessary to build resilience into the protocols themselves. Thanks to limited reliance on mercenary liquidity, and the added protection of our ICON Insurance Fund, we can assure users that all affected user funds will be restored, promptly and in full.

All in all, less than 5% of Network Owned Liquidity was impacted.


Remedial steps:

Our immediate priority has been to secure the network and ensure no further risk to funds or infrastructure. 

We’ve worked closely with auditors to recheck the identified contract issue. An update has since been developed, reviewed by auditors, and deployed with the necessary fixes. Importantly, we’ve also confirmed that no other spoke-chain contracts or SODAX implementations are impacted — this vulnerability was isolated to the legacy Solana deployment only.

We also identified the hacker’s wallet and promptly contacted all relevant exchanges (Binance, Upbit, Kraken and 11 others) to blacklist the address, in case any further attempts are made to move or convert the stolen funds. We’ve also sent an on-chain message to the attacker, offering a bounty in exchange for the partial return of the assets.

With fixes to the asset managers now deployed, we can proceed with steps to return user balances.


Impact on users:

At this point, no user action is required. We've also determined the amount needed to make impacted users whole:

  • 37 SOL

  • 76 JitoSOL

This is a relatively small amount, as most of the assets stolen were owned by the network as NOL, and not by individual users. We will deploy the ICON Insurance Fund on this occasion to ensure that all user funds remain safe and fully backed.


Key assurances:

  • This exploit cannot be used against the current Solana deployment for SODAX.

  • Other spoke chains are architecturally different and not vulnerable in the same way.

  • The majority of affected assets belonged to the ICON Network — not individual users.


Next steps:

Regardless of whether the attacker accepts the bug bounty offer, we’re prepared to move ahead with the following recovery steps to restore full backing and resume normal operations:

Conduct a network vote to:

  • Remove the bnUSD portion of NOL held in the Solana asset manager.

  • Withdraw the remaining 27 SOL from the same contract.

  • Withdraw the necessary amount from the ICON Insurance Fund to fully cover affected user positions.

Return normal service by:

  • Deploying ICON Insurance Funds to purchase 37 SOL and 76 JitoSOL.

  • Replenishing the asset manager to fully cover affected user positions.

Secure remaining funds by:

  • Moving remaining Solana liquidity to the new SODAX infrastructure.

Next Steps for Balanced:

Swaps and loans on Solana are currently offline. Service will be re-enabled following the completion of the steps above, with full confidence in the safety and stability of the updated contracts.