Here’s a refined rewrite with a tighter, more direct news style:
Raydium, a decentralized exchange on Solana, suffered a $1.34 million exploit on June 10, 2026, after an attacker targeted five deprecated liquidity pools tied to its legacy AMM V3 program. The vulnerability—a long-standing smart contract flaw—had remained active on-chain for nearly five years.
The attacker, using a wallet ending in “Bq33QVk,” drained about $900,000 in USDC, $357,000 in SOL, and $86,000 in RAY tokens.
After extracting the funds, the exploiter bridged them from Solana to Ethereum and routed them through Tornado Cash, a privacy tool commonly used to obscure transaction trails, making recovery highly unlikely.
Exploit Driven by LP Token Validation Failure
The root issue was a failure to properly verify liquidity provider (LP) tokens in Raydium’s legacy AMM V3 contracts. Under normal conditions, LP tokens must match the correct mint to authorize withdrawals.
Here, that safeguard was missing. The attacker created a fake SPL token mint, generated a counterfeit LP token, and used it to withdraw real assets from the pools.
This method was repeated across five outdated pools—Sollet USDT–RAY, Sollet ETH–RAY, SRM–RAY, USDC–RAY, and RAY–SOL—resulting in total losses of roughly 150,177 RAY, 5,603 SOL, and 893,700 USDC.
Raydium contributor 0xInfra described the bug as a “self-contained logic flaw,” emphasizing that no private keys were compromised and that current protocol contracts are unaffected.
Unlike the December 2022 breach—which involved stolen keys and cost about $4.4 million—this incident stemmed from deprecated code that remained callable despite no longer being in active use.
Cross-Chain Laundering Complicates Recovery
On-chain analysts tracked the attacker consolidating funds before bridging them to Ethereum. The assets were then routed through platforms such as KuCoin and FixedFloat before being deposited into Tornado Cash.
This cross-chain laundering pattern is commonly used in DeFi exploits to disrupt traceability. Investigators noted that the attacker did not attempt to sell assets on Solana. Once funds enter Tornado Cash, tracking becomes significantly more difficult, and no assets have been frozen so far.
No Impact on Active Users
Raydium confirmed that no active users or current liquidity pools were affected. The exploited pools had already been deprecated and were not accessible through the platform’s interface.
The protocol has committed to reimbursing all losses using its treasury. It is also retiring the legacy AMM V3 program IDs and conducting a full review of both active and legacy code. No timeline for repayment has been provided.
Market Reaction
RAY rose حوالي 2% in the 24 hours following the incident, trading near $0.578. However, the token remains down 7% over the past week and is still roughly 96.6% below its all-time high of $16.83, reflecting broader weakness in the Solana ecosystem.
If you want, I can shorten this into a 5-bullet breaking news summary or a 2-paragraph version.

More Stories
Standard Chartered Backs $500K Bitcoin Call Amid Trump’s China Warning
Bitcoin Flashes Bullish Signal as Momentum Indicator Turns Positive
XRP Breaks Above $1.10 Resistance as Buyers Regain Control