Raydium (RAY) Suffers $1.34M Exploit on Deprecated Pools — Full Reimbursement Confirmed

TLDR

• Hackers extracted approximately $1.34 million from five dormant Raydium liquidity pools operating on Solana
• The breach resulted in the theft of around 150,000 RAY tokens, 5,600 SOL, and 893,700 USDC
• The vulnerability existed in an obsolete AMM program discontinued in 2021, leaving active pools untouched
• Raydium announced its treasury would provide complete restitution to all impacted participants
• Security firm PeckShield identified roughly 810 ETH of the pilfered assets flowing into Tornado Cash

On June 10, Raydium, a Solana-based decentralized exchange, disclosed that malicious actors successfully exploited outdated infrastructure components, siphoning approximately $1.34 million worth of cryptocurrency.

The compromised liquidity pools had been inaccessible via Raydium’s user interface ever since the platform discontinued its AMM V3 program back in 2021. According to Raydium’s statement, neither current platform users nor any actively maintained liquidity pools experienced any impact.

How the Attack Happened

On-chain security analyst Specter revealed that the perpetrators utilized a fraudulent mint address to circumvent security validation protocols within the inactive pool infrastructure. The core vulnerability stemmed from inadequate verification processes for LP mints, creating an opportunity to sidestep proportion validation mechanisms.

The assailant successfully withdrew approximately 150,177 RAY tokens, 5,603 SOL, and 893,700 USDC from the compromised pools. According to Specter’s investigation, the attacker initially received funding through the KuCoin exchange before transferring the illicit assets to the Ethereum blockchain.

PeckShield, a prominent blockchain security organization, monitored the movement of stolen cryptocurrency following its transfer to Ethereum. Their analysis revealed that approximately 810 ETH was funneled into Tornado Cash, while an additional seven ETH moved through FixedFloat.

Notably, Tornado Cash was delisted from U.S. Treasury Department sanctions in March 2025. Nevertheless, the utilization of this privacy protocol may continue to present obstacles for investigators attempting to recover or trace the diverted funds.

Raydium Will Reimburse All Losses

Raydium has publicly committed to utilizing its treasury reserves to compensate all financial damages stemming from this security breach. While the protocol emphasized that no current active users suffered losses, some participants maintained residual exposure through the deprecated pool contracts.

This marks the second occasion where Raydium has pledged to absorb user losses. Following an admin key security breach in December 2022 that affected operational pools, the project implemented a governance-approved compensation plan utilizing buyback fee revenue and vested team token allocations to restore liquidity provider funds.

The development team confirmed that all currently deployed mainnet programs remain secure and are presently undergoing comprehensive independent security audits.

Market response to the incident proved minimal. Raydium traded around $0.57, experiencing less than a 1% decline during the 24-hour window after the exploit became public. Solana experienced a modest drop of nearly 2%, settling around $63.88 throughout the identical timeframe.

The RAY token demonstrated resilience, actually gaining more than 2% on the day news of the security breach emerged.

Raydium clarified that both its SDK and decentralized application infrastructure lack functionality for interacting with the legacy AMM V3 pools on the mainnet, effectively confirming the attack remained isolated to decommissioned code.

Security researchers from PeckShield and Specter maintain ongoing efforts to track the movement of stolen digital assets. According to currently available blockchain data, the exploitation remained entirely confined to obsolete infrastructure components without penetrating Raydium’s operational trading ecosystem.

The post Raydium (RAY) Suffers $1.34M Exploit on Deprecated Pools — Full Reimbursement Confirmed appeared first on Blockonomi.