Raydium Exploit Drains $1.34 Million from Legacy AMM Pools, Treasury to Reimburse
The culprit was a lapse in the LP‑mint validation logic. In the V3 contract, liquidity providers could mint LP tokens that represented a share of a pool. The validation routine failed to enforce that the minted amount matched the proportion of assets deposited, allowing an attacker to create LP tokens without contributing the corresponding tokens. Once minted, those LP tokens could be redeemed against the pool’s reserves, effectively draining whatever assets remained in the pool.
The pools at the heart of the attack were legacy reserves that had been phased out in 2021. They included RAY‑SOL, USDC‑RAY, SRM‑RAY, and two other pairs that were no longer actively used by traders. Because the pools were idle, no current users or on‑chain products were directly impacted by the withdrawal. The total value drained comprised a mix of RAY tokens, SOL, and USDC, with the combined amount totaling approximately $1.34 million.
Raydium’s response was swift and decisive. The exchange announced that its treasury would reimburse the full amount lost in the exploit. The company stated that the incident did not affect active liquidity pools or the broader Raydium ecosystem, and that no user balances on the platform were compromised.
The incident underscores the risks that linger when legacy smart‑contract code remains on a blockchain after it has been deprecated. Raydium’s AMM V3 program was retired in 2021, but the code was still deployed and could be interacted with by anyone who knew the program ID. The exploit did not involve a new vulnerability in the current AMM V4 program, which is the active version used by Raydium’s liquidity providers.
Security analysts identified the flaw as a classic token‑mint validation error. By bypassing proportion checks, the attacker could mint LP tokens in excess of the assets actually deposited. This allowed the withdrawal of the pool’s reserves without any corresponding contribution from the attacker.
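To make the flaw concrete, here is an added illustration that is not Raydium's code: a toy two‑asset pool in which the mint routine trusts a caller‑supplied LP amount, placed next to a version that derives the mint from the deposit's proportion of the reserves. The pool structure, function names and amounts are assumptions for the example.

```rust
// Added illustration (not Raydium's code): the LP-mint proportionality check
// whose absence the article describes, shown on a toy two-asset pool.
#[derive(Debug, Clone, PartialEq)]
pub struct Pool {
    pub reserve_a: u128,
    pub reserve_b: u128,
    pub lp_supply: u128,
}

/// Vulnerable pattern: the LP amount to mint comes from the caller's instruction
/// data and is never reconciled with the assets actually transferred in.
pub fn deposit_unchecked(pool: &mut Pool, dep_a: u128, dep_b: u128, lp_requested: u128) -> u128 {
    pool.reserve_a += dep_a;
    pool.reserve_b += dep_b;
    pool.lp_supply += lp_requested; // any value the caller likes
    lp_requested
}

/// Hardened pattern: LP minted is derived from the deposit relative to the
/// current reserves; the caller's figure is only an upper bound on the request.
pub fn deposit_checked(pool: &mut Pool, dep_a: u128, dep_b: u128, lp_requested: u128) -> Result<u128, &'static str> {
    if pool.lp_supply == 0 || pool.reserve_a == 0 || pool.reserve_b == 0 {
        return Err("pool not initialised"); // bootstrap mint is a separate path
    }
    // Share is bounded by the scarcer side and rounded down in the pool's favour.
    let by_a = dep_a.checked_mul(pool.lp_supply).ok_or("overflow")? / pool.reserve_a;
    let by_b = dep_b.checked_mul(pool.lp_supply).ok_or("overflow")? / pool.reserve_b;
    let fair = by_a.min(by_b);
    if fair == 0 { return Err("deposit too small to earn LP"); }
    if lp_requested > fair { return Err("requested LP exceeds proportional share"); }
    pool.reserve_a += dep_a;
    pool.reserve_b += dep_b;
    pool.lp_supply += fair;
    Ok(fair)
}

/// Burn LP for a proportional share of both reserves (same in both versions).
pub fn withdraw(pool: &mut Pool, lp_burn: u128) -> Result<(u128, u128), &'static str> {
    if lp_burn == 0 || lp_burn > pool.lp_supply { return Err("invalid LP amount"); }
    let out_a = pool.reserve_a * lp_burn / pool.lp_supply;
    let out_b = pool.reserve_b * lp_burn / pool.lp_supply;
    pool.reserve_a -= out_a;
    pool.reserve_b -= out_b;
    pool.lp_supply -= lp_burn;
    Ok((out_a, out_b))
}
```

With the unchecked path, a one‑token deposit that claims half the LP supply redeems for half the reserves; the checked path caps the mint at the deposit's true share, so the same request is rejected.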
Solana has faced a string of high‑profile security incidents in recent years, including a major wallet hack in 2022 and a series of exploits targeting DeFi protocols. Raydium’s incident is the latest reminder that even well‑established protocols can be vulnerable if older code is left exposed.
From an industry perspective, the event highlights the importance of decommissioning deprecated contracts and removing their program IDs from public registries. It also illustrates the need for continuous security audits of legacy code, especially when that code can still be invoked by external actors.
Raydium’s decision to reimburse users from its treasury is consistent with the exchange’s prior approach to security incidents. In 2023, Raydium covered losses from a flash‑loan attack that drained a small amount of liquidity from a single pool. The exchange’s willingness to absorb the cost of security breaches is intended to maintain user confidence in its platform.
The exploit’s impact on the broader Solana ecosystem was limited. Because the pools were inactive, the attack did not trigger a cascade of liquidations or affect the liquidity of active trading pairs. However, the incident may prompt other Solana‑based protocols to review their legacy contracts and assess whether similar vulnerabilities exist.
At present, Raydium’s treasury will cover the $1.34 million loss, and no further action is required from users of the platform. The exchange has not announced any changes to its current AMM V4 program or its security protocols.
The incident serves as a cautionary tale for decentralized exchanges that maintain legacy contracts on public blockchains. It also reinforces the need for rigorous code audits and proactive decommissioning of deprecated smart‑contract code.