Solana’s flagship decentralized exchange Raydium has suffered a $1.34 million exploit in its long-deprecated AMM V3 program. On June 10, an attacker drained funds from five dormant liquidity pools that had been inactive since the code was phased out in 2021. The incident, first flagged by blockchain security firm PeckShield, targeted “zombie liquidity” that modern users could not access. It once again highlights the tricky challenge in DeFi of fully retiring old smart contracts that still hold real money on chain. Raydium acted fast with a clear disclosure and promised full compensation from its treasury, which has helped limit the damage so far. Still, the event is a clear reminder that “deprecated” does not always mean safe in the blockchain world.
#PeckShieldAlert Specter reported that @Raydium has been drained of $1.3M worth of crypto
The attacker was initially funded from #KuCoin, bridged the stolen funds from #Solana to ETH, and deposited 810 $ETH to #TornadoCash and 7 ETH to #FixedFloat. pic.twitter.com/Cm3nQwUfZV
— PeckShieldAlert (@PeckShieldAlert) June 10, 2026
According to Raydium’s detailed official statement, the vulnerability sat in the legacy AMM V3 program, which was originally built to work with the now-defunct Serum order book. The attacker took advantage of a flaw in how the old contracts handled LP (Liquidity Provider) tokens. They relied on LP token supply for checks during withdrawals but did not properly verify the LP mint address. The attacker simply minted a fake LP token with a supply of just 1, bypassed the checks, and drained the entire pools.
The five affected legacy pools were:
- Sollet USDT – RAY
- Sollet ETH – RAY
- SRM – RAY
- USDC – RAY
- RAY – SOL
Assets drained included roughly 150,177 RAY, 5,603 SOL, and 893,700 USDC. These pools had sat completely dormant for years after Serum’s collapse, with no way for current Raydium users to interact with them through the official interface, SDK, or dApp. The exploit was linked to the address 4WnP…33QVk.
Right after the exploit, the attacker moved quickly to cover their tracks. The stolen assets were bridged from Solana to Ethereum (via deBridge). Around 810 ETH was then sent into the privacy mixer Tornado Cash, while another 7 ETH went through the instant exchanger FixedFloat. The wallet appears to have been initially funded through KuCoin. This kind of rapid cross-chain laundering is common in mid-sized DeFi exploits and shows how hard it still is to track and recover funds in a permissionless ecosystem.
The attack also comes shortly after another major DeFi security incident involving Transit Finance, which lost approximately $1.88 million in a separate exploit. The back-to-back incidents highlight how attackers continue to target weaknesses across multiple blockchain ecosystems despite improving security practices.
Raydium core contributor 0xINFRA posted a detailed thread soon after the exploit became known. The team gave full details including the exploiter’s address, the exact pools hit, the assets drained, and the technical cause. They made it clear that:
- No active users or current mainnet programs (including modern AMM and Concentrated Liquidity versions) were affected.
- The issue was limited only to the old legacy code.
- A full security review of all mainnet programs is already underway.
Raydium has committed to full treasury-backed compensation so that no liquidity providers lose any money. They also shared a public Google Sheet with all the details for the community. This open and responsible approach is in line with how Raydium handled previous incidents and has helped keep trust intact.
Raydium came up in 2021 as a hybrid AMM and order book DEX on Solana and quickly grew into one of the ecosystem’s most important platforms. After Serum collapsed with FTX, several connected parts were deprecated. But because smart contracts are immutable, fully removing old code that still holds funds is never straightforward.
This $1.34 million incident shows a real weakness in DeFi: old contracts can still become targets for attackers looking for edge cases. As many in the community have said, “Deprecated doesn’t always mean dead. It means forgotten until someone remembers.”
The broader crypto sector has been dealing with a steady stream of security breaches throughout 2026. Recent industry data showed that more than $84 million was lost across dozens of crypto hacking incidents during May alone, demonstrating that both new and legacy protocols remain attractive targets for attackers.
With Solana’s total value locked continuing to grow, established protocols like Raydium face increasing pressure to keep strong security standards across every part of their history, not just the newest features. This event could push more projects toward regular legacy code audits and stricter sunsetting processes.
Beyond smart contract flaws, operational security has also emerged as a major concern. The recent Humanity Protocol incident, where compromised private keys contributed to a dramatic token collapse, illustrates how security failures can occur at multiple levels of a crypto project’s infrastructure.
According to CoinMarketCap, the RAY token is currently trading at $0.5703 with a market capitalization of $153.4 million. In the last 24 hours, the token has seen a decline of approximately 3.5%, with 24-hour trading volume around $12.5 million. Despite the exploit news, the price movement has remained relatively mild, reflecting market confidence in Raydium’s swift response and the fact that only inactive legacy pools were affected. Active pools and normal user activity remain completely unaffected.
So far, the RAY token has seen only mild movement, as traders seem to trust Raydium’s quick response and the fact that the exploit was isolated. Active pools and normal user activity remain completely unaffected.
Raydium has shown good accountability by being transparent and putting users first. While the loss is real, the fast action and full reimbursement should prevent major long-term harm to the protocol’s reputation.
At the end of the day, this incident drives home an important point for the whole DeFi industry: real security is not a one-time thing. It requires constant attention across the full life of a protocol, including the old parts that most people have forgotten. Protocols that take legacy code seriously will be the ones that earn lasting trust. Users with funds in active Raydium pools face no risk, and compensation is already being processed.
