Aurory: The stolen AURY comes from the team wallet, and the user’s assets are safe

Aurory (Play Now), a Solana ecosystem game, posted on social media that the team had discovered abnormal activity in the market a few hours ago. After a quick investigation, it was found that bad actors could use the purchase endpoint in the market to increase the AURY balance in SyncSpace. This allowed hackers to extract approximately 600,000 tokens to the Arbitrum network and then sell them at market prices to liquidate all stolen funds.

Aurory has disabled SyncSpace for maintenance, which means that assets cannot be deposited or withdrawn during this maintenance period. Regarding this attack, Aurory stated that:

No user funds or NFTs were lost or at risk. The stolen AURY came from the team wallet, which provided funding for AURY withdrawals for accounts that had not previously deposited funds.

The exploit did not continue. As SyncSpace is offline for maintenance, there is currently no further risk of exploitation.

Aurory has taken swift action to absorb selling pressure through market makers and liquidity pools. The attacker has no more AURY available for sale.