Old Raydium Code Comes Back to Bite in $1.34M Exploit

Hooded figure on railway tracks. Source: TechGaged / Shutterstock

In Brief

  • A retired Raydium AMM program was exploited for about $1.34 million.
  • The attacker moved stolen funds to Ethereum and used Tornado Cash.
  • Raydium says current users were unaffected and losses will be reimbursed.

Decentralized exchange Raydium (RAY) has confirmed a $1.34 million exploit involving a legacy automated market maker (AMM) program that was retired years ago and is no longer accessible through the platform’s user interface. The attacker drained funds from five inactive liquidity pools before bridging assets to Ethereum (ETH) and sending hundreds of ETH through Tornado Cash. Raydium says no current users were affected and has pledged to fully reimburse all losses from its treasury.

Exploiting the Retired AMM V3 Program

In a June 10 statement, Raydium disclosed that an attacker exploited a vulnerability in its legacy AMM V3 program, which the company had phased out in 2021 following the collapse and eventual deprecation of Serum. According to the protocol, the attack involved five inactive liquidity pools, including Sollet USDT – RAY, Sollet ETH – RAY, SRM – RAY, USDC – RAY, and RAY – SOL.

An initial review found the attacker removed approximately 150,177 RAY, 5,603 SOL, and 893,700 USDC, with the total value of stolen assets estimated at around $1.34 million.

Raydium emphasized that there was no impact on active users because the affected pools hadn’t been on its interface for a long time. The team noted that neither the Raydium SDK nor the dApp supports mainnet interactions with legacy AMM V3 pools.

The protocol also confirmed that it will reimburse all affected deposits through the Raydium treasury.

Raydium’s team acknowledging the exploit. Source: Infra | Raydium/X

Attacker Bridges Funds to Ethereum

Raydium attributed the exploit to insufficient validation of LP token mints within the retired program.

According to the postmortem, the AMM relied on LP token supply for proportion checks but failed to properly verify the LP mint address. That flaw allowed the attacker to create a fraudulent LP mint and bypass safeguards designed to prevent unauthorized withdrawals.
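The missing check described in the postmortem can be shown with a simplified model. This is an added example, not Raydium's code or anything from the postmortem: the `Pool` and `Mint` types, the function names and the sample values are all hypothetical and constructed for illustration.

```rust
// Simplified model of the bug class; not Raydium's code. All names are hypothetical.
#[derive(Debug, PartialEq)]
pub enum WithdrawError { MintMismatch, ZeroSupply, AmountExceedsSupply }

pub struct Mint { pub address: [u8; 32], pub supply: u64 }
pub struct Pool { pub lp_mint: [u8; 32], pub reserve_a: u64, pub reserve_b: u64 }

/// Pro-rata payout for burning `lp_amount` LP tokens against `mint.supply`.
fn pro_rata(pool: &Pool, mint: &Mint, lp_amount: u64) -> Result<(u64, u64), WithdrawError> {
    if mint.supply == 0 { return Err(WithdrawError::ZeroSupply); }
    if lp_amount > mint.supply { return Err(WithdrawError::AmountExceedsSupply); }
    let share = |r: u64| (r as u128 * lp_amount as u128 / mint.supply as u128) as u64;
    Ok((share(pool.reserve_a), share(pool.reserve_b)))
}

/// Weak form: the proportion check uses the supply of whatever mint the caller passed in.
pub fn withdraw_unchecked(pool: &Pool, mint: &Mint, lp_amount: u64) -> Result<(u64, u64), WithdrawError> {
    pro_rata(pool, mint, lp_amount)
}

/// Hardened form: the mint must be the one recorded in pool state before its supply is trusted.
pub fn withdraw_checked(pool: &Pool, mint: &Mint, lp_amount: u64) -> Result<(u64, u64), WithdrawError> {
    if mint.address != pool.lp_mint { return Err(WithdrawError::MintMismatch); }
    pro_rata(pool, mint, lp_amount)
}

/// Constructed sample state: a pool, its real LP mint, and an unrelated mint.
pub fn sample() -> (Pool, Mint, Mint) {
    let pool = Pool { lp_mint: [1; 32], reserve_a: 500_000, reserve_b: 2_000_000 };
    let real = Mint { address: [1; 32], supply: 1_000_000 };
    let foreign = Mint { address: [9; 32], supply: 10_000 };
    (pool, real, foreign)
}

fn main() {
    let (pool, real, foreign) = sample();
    println!("real mint, checked:       {:?}", withdraw_checked(&pool, &real, 10_000));
    println!("foreign mint, unchecked:  {:?}", withdraw_unchecked(&pool, &foreign, 10_000));
    println!("foreign mint, checked:    {:?}", withdraw_checked(&pool, &foreign, 10_000));
}
```

In the model, the unchecked path computes a share of the full reserves because the supply it divides by belongs to an unrelated mint, while the checked path rejects the call before any supply is read.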

The team stressed that the issue was a self-contained logic bug and not a compromised private key or privileged account, which means that there’s no wider propagation risk across Raydium’s current infrastructure.

Meanwhile, blockchain security firm PeckShield reported that the attacker initially funded their wallet through KuCoin before moving the stolen assets from Solana (SOL) to Ethereum. On-chain data shared by researchers shows the exploiter subsequently deposited approximately 810 ETH into Tornado Cash and another 7 ETH into FixedFloat.

Attack analysis. Source: PeckShieldAlert/X

That said, the exploit doesn’t seem to have had any effect on Raydium’s native token. At press time on June 11, RAY was trading at $0.5813, up 3.2% in the last 24 hours, which trimmed its loss over the week to 7.2% and its decline over the past month to 29.8%.

RAY price 24-hour chart. Source: CoinGecko

Raydium stated that all current mainnet programs use a different architecture, including virtual supply mechanisms and stricter LP mint verification, which prevents this type of exploit. The protocol’s core contributors have also launched a comprehensive review of all active mainnet programs as a precautionary measure.

Despite the incident, the exploit appears isolated to infrastructure that has been inactive for years, and Raydium maintains that its current products and users remain unaffected.
