Solana-based decentralized exchange Raydium has confirmed a security breach that resulted in the loss of approximately $1.34 million from several deprecated liquidity pools tied to its legacy Automated Market Maker (AMM) V3 infrastructure.
The exploit, disclosed on June 10, targeted inactive liquidity pools that have remained dormant since 2021 following the shutdown of the Serum order book ecosystem. According to Raydium core contributor Infra (@0xINFRA), the incident was isolated to retired smart contracts and did not impact active users, current liquidity pools, or the protocol’s core trading infrastructure.
Importantly, Raydium has pledged to fully reimburse all affected funds directly from its treasury.
Legacy Code Becomes Attack Vector
According to the project’s post-incident analysis, the attacker exploited a validation weakness within the retired AMM V3 program related to liquidity provider (LP) token mint verification.
By introducing a fraudulent LP mint address, the exploiter was able to bypass contract checks and withdraw assets that remained locked within inactive liquidity pools. The affected pools included:
- Sollet USDT-RAY
- Sollet ETH-RAY
- SRM-RAY
- USDC-RAY
- RAY-SOL
The attacker ultimately extracted approximately 150,177 RAY, 5,603 SOL, and 893,700 USDC from the legacy contracts.
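The class of check described above, shown as an added example that is not Raydium's code and is not taken from the post-incident analysis: a simplified Rust model of a withdrawal that pays out pro rata against a caller-supplied LP mint, with the unvalidated form beside the form that binds the mint to pool state. All type and function names (`Pool`, `Mint`, `LpAccount`, `withdraw_checked`, `withdraw_unchecked`) and the pro rata payout rule are assumptions made for illustration.

```rust
// Simplified model, constructed for illustration; not Raydium's code.
type Pubkey = [u8; 32];

#[derive(Debug, PartialEq)]
enum WithdrawError { InvalidLpMint, InsufficientLp, ZeroSupply }

struct Pool { lp_mint: Pubkey, reserve: u64 }   // LP mint recorded at pool creation
struct Mint { address: Pubkey, supply: u64 }    // mint account supplied by the caller
struct LpAccount { mint: Pubkey, amount: u64 }  // LP token account supplied by the caller

// Pro rata share of the reserve for burning `burn` LP tokens of `mint`.
fn payout(pool: &Pool, mint: &Mint, lp: &LpAccount, burn: u64) -> Result<u64, WithdrawError> {
    if mint.supply == 0 { return Err(WithdrawError::ZeroSupply); }
    if lp.mint != mint.address || burn > lp.amount || burn > mint.supply {
        return Err(WithdrawError::InsufficientLp);
    }
    Ok((pool.reserve as u128 * burn as u128 / mint.supply as u128) as u64)
}

// Weak form: the share is computed against whatever mint account is passed in.
fn withdraw_unchecked(pool: &mut Pool, mint: &Mint, lp: &LpAccount, burn: u64)
    -> Result<u64, WithdrawError> {
    let out = payout(pool, mint, lp, burn)?;
    pool.reserve -= out;
    Ok(out)
}

// Hardened form: the supplied mint must be the one stored in the pool's own state.
fn withdraw_checked(pool: &mut Pool, mint: &Mint, lp: &LpAccount, burn: u64)
    -> Result<u64, WithdrawError> {
    if mint.address != pool.lp_mint { return Err(WithdrawError::InvalidLpMint); }
    withdraw_unchecked(pool, mint, lp, burn)
}

fn main() {
    // Constructed sample state: the pool's real LP mint and an unrelated mint.
    let real = Mint { address: [1; 32], supply: 1_000 };
    let other = Mint { address: [9; 32], supply: 10 };
    let holder = LpAccount { mint: other.address, amount: 10 };
    let mut pool = Pool { lp_mint: real.address, reserve: 500_000 };

    // The checked path rejects the unrelated mint and leaves the reserve untouched.
    println!("{:?}", withdraw_checked(&mut pool, &other, &holder, 10));
    // A genuine LP holder still receives the expected share.
    let legit = LpAccount { mint: real.address, amount: 100 };
    println!("{:?}", withdraw_checked(&mut pool, &real, &legit, 100));
    // The unchecked path treats the unrelated mint's supply as the pool's.
    println!("{:?}", withdraw_unchecked(&mut pool, &other, &holder, 10));
}
```

When auditing a retired program, the thing to look for is any instruction that moves pool funds while reading supply or ownership from an account that is never compared against the pool's stored addresses.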
Blockchain security firms PeckShield and Specter were among the first to flag suspicious activity, tracing the attacker’s movements across multiple networks. Preliminary investigations suggest the exploit was initially funded through KuCoin before assets were bridged to Ethereum and routed through privacy and exchange services including Tornado Cash and FixedFloat.
Raydium Moves to Contain Fallout
Raydium was quick to reassure users that the vulnerability was confined exclusively to legacy infrastructure that has been inaccessible through the platform’s user interface for several years.
In an official statement, the team emphasized that neither the current protocol architecture nor active liquidity pools were affected.
“Raydium is aware of an exploit involving unauthorized removal of liquidity from its legacy AMM V3 program which was previously phased out in 2021. No current users of Raydium are affected by this exploit,” the protocol stated.
The team also confirmed that reimbursement for all drained assets will be covered by the protocol treasury, eliminating any losses for affected stakeholders.
Beyond compensation, Raydium announced plans to conduct additional audits and security reviews aimed at identifying risks associated with dormant smart contracts and legacy codebases.
Market Shows Resilience
Despite headlines surrounding the exploit, market reaction remained relatively muted.
RAY, Raydium’s native token, experienced only minor volatility following disclosure of the incident, slipping less than 1% over the subsequent 24-hour period while maintaining support near the $0.57 level. SOL likewise showed limited reaction, reflecting investor confidence in the protocol’s response and the contained nature of the breach.
The restrained market response stands in sharp contrast to previous DeFi exploits that have triggered widespread panic and significant capital outflows.
A Wake-Up Call for DeFi Protocols
The incident highlights a growing challenge facing decentralized finance platforms: the security risks posed by dormant smart contracts.
Even when protocols migrate users to upgraded infrastructure, legacy contracts can continue holding residual liquidity and remain vulnerable to exploitation years after being retired. Security experts have increasingly warned that forgotten or inaccessible code can become an attractive target for attackers seeking overlooked weaknesses.
For Raydium, the combination of rapid disclosure, transparent communication, and a commitment to full reimbursement appears to have helped preserve community confidence.
As one of Solana’s largest decentralized exchanges, Raydium continues to process significant trading volume and maintain billions of dollars in total value locked across its active ecosystem. The team’s handling of the incident may ultimately serve as a case study in effective crisis management within DeFi.
The investigation remains ongoing, with blockchain analysts continuing to track the movement of stolen funds across multiple networks.
Key Takeaway: While the exploit exposed vulnerabilities in legacy infrastructure, no active users were affected, and Raydium’s commitment to fully reimburse losses has helped contain market concerns. The incident nevertheless serves as a reminder that dormant smart contracts can remain a significant security risk long after they are retired.









