June 12, 2026


Hackers Exploit Old Solana Pools in $1.34M Raydium LP Token Incident

Raydium News: $1.34M Exploit Targets Legacy Solana Liquidity Pools

Raydium, a decentralized exchange built on Solana, suffered a $1.34 million exploit on June 10, 2026, after an attacker abused five deprecated liquidity pools tied to its older AMM V3 system. The vulnerability had reportedly existed on-chain for years without being actively triggered.

The attacker, linked to a Solana wallet ending in “Bq33QVk,” extracted roughly $900,000 in USDC, $357,000 in SOL, and $86,000 in RAY tokens.

After draining the pools, the funds were bridged from Solana to Ethereum and then routed through Tornado Cash, significantly obscuring the transaction trail and making recovery highly unlikely.


Exploit Mechanism: Fake LP Tokens Bypass Validation

The root cause of the exploit was a flaw in Raydium’s legacy AMM V3 contracts, specifically insufficient validation of liquidity provider (LP) tokens.

In standard automated market maker systems, LP tokens represent ownership in a liquidity pool and must be properly verified before withdrawals are allowed.

However, the deprecated Raydium contracts failed to confirm that LP tokens originated from legitimate pool mints.

The attacker exploited this gap by creating a fake SPL token mint, minting a single counterfeit LP token, and using it to initiate withdrawals.

This process was repeated across five inactive pools—Sollet USDT–RAY, Sollet ETH–RAY, SRM–RAY, USDC–RAY, and RAY–SOL—resulting in total losses of approximately 150,177 RAY, 5,603 SOL, and 893,700 USDC.
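
The missing check described above, as an added example in Rust that is not Raydium's code: a simplified in-memory model of a withdrawal that compares the LP token account's mint with the mint recorded for the pool, shown next to the flawed form that looks only at the balance. The `Pool` and `TokenAccount` types, the function names, the pro-rata payout and the sample values are assumptions made for the illustration; how a single counterfeit token produced the reported losses is not stated in this article and is not modelled.

```rust
// Added example: simplified model, not Raydium's program. All names are hypothetical.
type Pubkey = [u8; 32];
#[derive(Debug, PartialEq)]
enum WithdrawError { WrongMint, WrongOwner, InsufficientLp }
struct Pool { lp_mint: Pubkey, lp_supply: u64, reserve_a: u64, reserve_b: u64 }
// Fields the program reads from the caller-supplied LP token account.
struct TokenAccount { mint: Pubkey, owner: Pubkey, amount: u64 }

// Generic pro-rata payout (an assumption for this model): burn LP, release a share of reserves.
fn payout(pool: &mut Pool, burn: u64) -> Result<(u64, u64), WithdrawError> {
    if burn == 0 || burn > pool.lp_supply {
        return Err(WithdrawError::InsufficientLp);
    }
    let supply = pool.lp_supply as u128;
    let a = (pool.reserve_a as u128 * burn as u128 / supply) as u64;
    let b = (pool.reserve_b as u128 * burn as u128 / supply) as u64;
    pool.reserve_a -= a;
    pool.reserve_b -= b;
    pool.lp_supply -= burn;
    Ok((a, b))
}

// Flawed form: checks only the balance, so a token from any mint is accepted as an LP token.
fn withdraw_unchecked(pool: &mut Pool, lp: &TokenAccount, burn: u64) -> Result<(u64, u64), WithdrawError> {
    if lp.amount < burn {
        return Err(WithdrawError::InsufficientLp);
    }
    payout(pool, burn)
}

// Hardened form: the account must be issued by the pool's recorded LP mint and held by the signer.
fn withdraw_checked(pool: &mut Pool, lp: &TokenAccount, signer: &Pubkey, burn: u64) -> Result<(u64, u64), WithdrawError> {
    if lp.mint != pool.lp_mint {
        return Err(WithdrawError::WrongMint);
    }
    if lp.owner != *signer {
        return Err(WithdrawError::WrongOwner);
    }
    if lp.amount < burn {
        return Err(WithdrawError::InsufficientLp);
    }
    payout(pool, burn)
}

fn main() {
    let mut pool = Pool { lp_mint: [1; 32], lp_supply: 1_000, reserve_a: 50_000, reserve_b: 20_000 };
    let foreign = TokenAccount { mint: [9; 32], owner: [7; 32], amount: 1 }; // constructed sample
    println!("{:?}", withdraw_checked(&mut pool, &foreign, &[7; 32], 1)); // rejected: WrongMint
}
```

In a deployed Solana program the same comparison is made against the mint field of the deserialized SPL token account, before any reserves move.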

Raydium contributor 0xInfra stated the issue was a contained logic flaw rather than a private key compromise, meaning active deployments and current users were not impacted.

Unlike the 2022 Raydium breach, which stemmed from a stolen private key and caused $4.4 million in losses, this incident originated from legacy smart contract code that remained callable despite being deprecated.


Funds Routed Through Cross-Chain Laundering Path

On-chain trackers identified the exploit as it unfolded, showing funds being aggregated across affected pools before being bridged from Solana to Ethereum.

The attacker then moved assets through KuCoin and FixedFloat before depositing the final balance into Tornado Cash.

Once funds entered Tornado Cash, tracing effectively stopped, leaving limited visibility into further movement.

Wallet analysis tied to “Bq33QVk” confirms a complete cross-chain laundering route with no reliance on Solana-native exchanges for cash-out.

As of now, no assets have been frozen or recovered by centralized platforms.


Impact on Users and Raydium’s Response

No active users were impacted, as the exploited pools were already deprecated and inaccessible through Raydium’s front-end interface.

Raydium has pledged to fully reimburse the stolen funds using its protocol treasury. The team is also formally deprecating legacy AMM V3 program IDs and conducting a comprehensive review of both active and outdated smart contracts. A reimbursement timeline has not yet been disclosed.

Following the incident, RAY briefly rose around 2% to approximately $0.578. However, it remains down about 7% over the past week and is still far below its all-time high of $16.83, reflecting broader weakness across the Solana ecosystem.
