Major Exploit on Raydium: $1.34 Million Drained from Deprecated Liquidity Pools
Title: $1.34 Million Hack on Solana’s Raydium: A Cautionary Tale for DeFi
Date: June 10, 2026
Hackers have exploited vulnerabilities in Raydium, Solana’s largest decentralized exchange, draining approximately $1.34 million in crypto assets. The breach, which occurred on June 10, targeted five deprecated liquidity pools through a forged LP token attack on the protocol’s legacy AMM V3 program.
The stolen assets included around $900,000 in USDC, $357,000 in SOL, and $86,000 in RAY tokens. Interestingly, despite the exploit, RAY token prices saw a slight uptick of 2% in the 24 hours following the incident, trading at $0.578. However, it remains down approximately 7% for the week and sits a staggering 96.6% below its all-time high of $16.83.
Raydium has confirmed the exploit, assuring users that no current accounts were affected and that full compensation will be provided from the treasury. The incident has raised alarms within the DeFi community, prompting discussions about the security of deprecated contracts.
How the Hack Unfolded
The exploit can be likened to a decommissioned bank branch that still holds cash, despite being closed to customers. Raydium had phased out its legacy AMM V3 program in 2021, replacing it with updated architecture. However, the underlying smart contract and the funds locked within it remained live on-chain, creating an opportunity for the attacker.
The hacker discovered a vulnerability in the legacy code, which failed to properly validate the LP mint address—the token representing a liquidity provider’s share of a pool. By creating a counterfeit LP token and presenting it to the contract, the attacker tricked the program into believing they were a legitimate liquidity provider, allowing them to withdraw real assets from the pools.
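The missing validation described above can be shown in a simplified model. This is an added example, not Raydium's code or anything from the original article: the struct names, the pro-rata payout formula and all sample values are assumptions made for illustration. It places a withdraw path that trusts the caller-supplied mint next to one that compares it with the mint recorded in pool state.

```rust
// Simplified model of an AMM withdraw path (constructed; not Raydium's code).
type Pubkey = [u8; 32];

#[derive(Debug, PartialEq)]
enum WithdrawError { LpMintMismatch, InsufficientLp, ZeroSupply }

struct Pool { lp_mint: Pubkey, reserve: u64 }       // pool state records its own LP mint
struct Mint { key: Pubkey, supply: u64 }            // mint account supplied by the caller
struct LpAccount { mint: Pubkey, amount: u64 }      // caller's LP token account

// Pro-rata payout for burning `burn` LP tokens, measured against the supplied mint.
fn payout(pool: &Pool, mint: &Mint, lp: &LpAccount, burn: u64) -> Result<u64, WithdrawError> {
    if mint.supply == 0 { return Err(WithdrawError::ZeroSupply); }
    if burn > lp.amount || burn > mint.supply { return Err(WithdrawError::InsufficientLp); }
    Ok((pool.reserve as u128 * burn as u128 / mint.supply as u128) as u64)
}

// Flawed variant: never compares the supplied mint with pool.lp_mint.
fn withdraw_unchecked(pool: &mut Pool, mint: &Mint, lp: &LpAccount, burn: u64) -> Result<u64, WithdrawError> {
    let out = payout(pool, mint, lp, burn)?;
    pool.reserve -= out;
    Ok(out)
}

// Hardened variant: both caller-supplied accounts must reference the pool's recorded mint.
fn withdraw_checked(pool: &mut Pool, mint: &Mint, lp: &LpAccount, burn: u64) -> Result<u64, WithdrawError> {
    if mint.key != pool.lp_mint || lp.mint != pool.lp_mint {
        return Err(WithdrawError::LpMintMismatch);
    }
    let out = payout(pool, mint, lp, burn)?;
    pool.reserve -= out;
    Ok(out)
}

fn main() {
    // Constructed sample values: a genuine mint and a look-alike mint with a different key.
    let genuine = Mint { key: [1; 32], supply: 1_000 };
    let foreign = Mint { key: [9; 32], supply: 10 };
    let mut pool = Pool { lp_mint: genuine.key, reserve: 500_000 };
    let fake_lp = LpAccount { mint: foreign.key, amount: 10 };
    let real_lp = LpAccount { mint: genuine.key, amount: 100 };

    println!("checked, foreign mint:   {:?}", withdraw_checked(&mut pool, &foreign, &fake_lp, 10));
    println!("checked, genuine mint:   {:?}", withdraw_checked(&mut pool, &genuine, &real_lp, 100));
    println!("unchecked, foreign mint: {:?}", withdraw_unchecked(&mut pool, &foreign, &fake_lp, 10));
}
```

In the checked variant the foreign mint is rejected before any arithmetic runs, so the reserve is untouched; the unchecked variant computes the payout against a supply the pool never issued.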
Across five pools—Sollet USDT–RAY, Sollet ETH–RAY, SRM–RAY, USDC–RAY, and RAY–SOL—the attacker successfully withdrew approximately 150,177 RAY, 5,603 SOL, and 893,700 USDC. Following the hack, the stolen funds were bridged from Solana to Ethereum and laundered through Tornado Cash, a crypto mixer that obscures transaction trails.
A Structural Flaw Exposed
The incident underscores a critical issue within the DeFi space: the implications of “deprecated” contracts. While Raydium had stopped directing users to the legacy program, the contract remained callable by anyone who knew its address. Unless explicitly paused or migrated, the code continued to operate, leaving a gaping hole for potential exploits.
Raydium contributor 0xInfra confirmed that the exploit stemmed from a “self-contained logic flaw” in the old program, not a key compromise. This means that Raydium’s current mainnet programs do not carry the same vulnerability. However, the broader concern remains: how many other DeFi protocols, both on Solana and other chains, have similar dormant contracts holding unprotected liquidity?
Looking Ahead
As the DeFi landscape continues to evolve, this incident serves as a stark reminder of the importance of rigorous audits and proactive management of legacy infrastructure. The Raydium hack may be an isolated event, but it raises critical questions about the security of deprecated contracts across the decentralized finance ecosystem.
As the community processes this exploit, users are urged to remain vigilant and informed about the protocols they engage with, ensuring that their assets are safeguarded against potential vulnerabilities.
Disclaimer
This article was not written or endorsed by the site’s editorial author.
It is provided for informational and entertainment purposes only, and may be lightly edited for factual clarity or accuracy when necessary.