One of Solana's flagship decentralized exchanges became the latest victim of a crypto exploit on Wednesday, when an attacker drained more than $1.34 million from five dormant liquidity pools on Raydium, adding fresh urgency to an already bruising year for decentralized finance security.
The exploit targeted Raydium's legacy AMM V3 program and drained roughly $1.34 million from five inactive liquidity pools. The affected pools (Sollet USDT-RAY, Sollet ETH-RAY, SRM-RAY, USDC-RAY, and RAY-SOL) had been phased out following the deprecation of the Serum protocol in 2021.
The attacker bypassed validation checks in the outdated AMM V3 program, minted new liquidity provider tokens without depositing corresponding assets, then withdrew and converted the positions. The exploiter's Solana address ends in "Bq33QVk." In dollar terms, the attacker made off with nearly $900,000 in USDC, roughly $357,000 in SOL, and $86,000 worth of RAY.
The vulnerability originated from insufficient validation of the LP mint address in the Legacy AMM V3 program. Because the program did not properly verify the LP mint, the attacker created a new mint and used it as the LP token, effectively bypassing the proportion checks that were meant to govern liquidity removal.
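The missing check described above can be shown in a simplified model. This is an added example, not Raydium's code: the types, function names and sample values are hypothetical, and the payout formula is an assumed pro-rata rule standing in for the program's proportion checks.

```rust
// Simplified model of LP-mint validation on withdrawal; hypothetical names throughout.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
struct Pubkey([u8; 4]); // stand-in for a 32-byte Solana address

struct Pool {
    lp_mint: Pubkey, // LP mint recorded in pool state at creation
    reserve: u64,    // tokens held in the pool vault
}

// A mint account passed in by the caller, so its contents are caller-chosen.
struct MintAccount {
    address: Pubkey,
    supply: u64,
}

#[derive(Debug, PartialEq)]
enum WithdrawError { WrongLpMint, ZeroSupply, AmountExceedsSupply }

// Proportion check (assumed rule): payout = reserve * burned / supply.
fn pro_rata(pool: &Pool, mint: &MintAccount, burned: u64) -> Result<u64, WithdrawError> {
    if mint.supply == 0 {
        return Err(WithdrawError::ZeroSupply);
    }
    if burned > mint.supply {
        return Err(WithdrawError::AmountExceedsSupply);
    }
    Ok((pool.reserve as u128 * burned as u128 / mint.supply as u128) as u64)
}

// Flawed: the proportion is computed against whatever mint was supplied.
fn withdraw_unchecked(pool: &Pool, mint: &MintAccount, burned: u64) -> Result<u64, WithdrawError> {
    pro_rata(pool, mint, burned)
}

// Hardened: the supplied mint must be the one recorded in pool state.
fn withdraw_checked(pool: &Pool, mint: &MintAccount, burned: u64) -> Result<u64, WithdrawError> {
    if mint.address != pool.lp_mint {
        return Err(WithdrawError::WrongLpMint);
    }
    pro_rata(pool, mint, burned)
}

fn main() {
    // Constructed sample values.
    let pool = Pool { lp_mint: Pubkey(*b"LPMT"), reserve: 1_000_000 };
    let other = MintAccount { address: Pubkey(*b"OTHR"), supply: 100 };
    println!("{:?}", withdraw_unchecked(&pool, &other, 100));
    println!("{:?}", withdraw_checked(&pool, &other, 100));
}
```

The proportion arithmetic is identical in both paths; only the comparison against the mint stored in pool state separates them, which is the kind of account check a review of legacy programs should confirm for every caller-supplied account.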
Raydium moved quickly to contain the fallout. Pseudonymous Raydium contributor 0xInfra confirmed the incident via X, stating that no current users were affected and could not have interacted with the deprecated pools through the platform's UI since their phase-out. The project confirmed that full compensation for all affected users will be handled directly through its treasury, covering the entire $1.34 million across all five impacted pools. Raydium's core contributors also announced a comprehensive security review of all mainnet programs to verify that no similar logic flaws exist in any active code.



Solana Exchange Raydium Hit With $1.34 Million Exploit as DeFi Attacks Grow
A Ghost in the Machine
The incident raises a question that has become increasingly uncomfortable across DeFi: what happens to code that is officially retired but never fully removed from the blockchain?
The loss shows how old liquidity pools can remain financially dangerous long after a protocol's user interface, SDKs, and main product routes move elsewhere. The affected contracts still held live assets on-chain despite being phased out of Raydium's current application interface and active liquidity stack.
Because smart contracts are immutable, fully removing old code that still holds funds is not easy. This incident shows a real weakness in DeFi: old contracts can still become targets for attackers looking for edge cases. Raydium had transitioned to newer AMM versions, including V4 and V5, which use virtual supply mechanisms alongside stricter account verification protocols, but the deprecation of the legacy program did not wipe its on-chain footprint.
After the assets were stolen on Solana, the funds were bridged to Ethereum and are now being laundered via Tornado Cash, according to blockchain investigator Specter. That exit path (bridge to Ethereum, deposit into the sanctioned mixer) has become a familiar playbook for DeFi exploiters seeking to complicate recovery efforts. US authorities sanctioned Tornado Cash in 2022, and its continued use in exploit laundering gives regulators ammunition to argue for stricter oversight of DeFi protocols.


Raydium (RAY) Price Chart
A Deteriorating Security Landscape
The Raydium hack arrives at a moment when DeFi's security track record is under acute scrutiny. The sector has already lost over $750 million to hacks and exploits in 2026, driven largely by the roughly $292 million KelpDAO exploit and the $285 million Drift Protocol breach.
Drift Protocol lost $285 million on April 1 after a North Korean hacking group spent six months socially engineering its way into the Solana-based DEX, while KelpDAO's LayerZero bridge was drained of $292 million in rsETH on April 19. These two incidents alone caused 95% of April's total DeFi damage, triggering a mass exit from DeFi and ranking among the top ten hacks since 2021.
What makes the current environment particularly alarming is the widening attack surface. Neither of the two largest exploits of 2026 involved a smart contract vulnerability; code audits, formal verification, and bug bounty programs would not have prevented Drift or KelpDAO. Instead, social engineering, compromised infrastructure, and governance weaknesses have emerged as the dominant vectors.
Adding a new dimension to the threat landscape, AI is now playing a documented role in vulnerability discovery. Security researcher Taylor Hornby identified a critical four-year-old vulnerability in Zcash's Orchard shielded pool on May 29 by running a custom auditing agent framework paired with Anthropic's Claude Opus 4.8 model, then wrote a complete working exploit in a local test environment. The bug would have allowed an attacker to mint unlimited ZEC tokens inside the Orchard pool without detection, and its disclosure sent ZEC crashing more than 38% in a single day. While the Zcash disclosure was a white-hat find, and there is no evidence AI tools were used in the Raydium attack, it underscores the accelerating capability of AI-assisted auditing on both sides of the security equation.
Market Reaction and Outlook
Market reaction to the Raydium exploit was limited. RAY fell about 2% in the 24 hours after the disclosure and roughly 13% over the prior week, with the token remaining far below its all-time high.
For the broader DeFi ecosystem, the incident carries implications beyond the dollar figure. Legacy contracts, abandoned pools, and residual permission settings represent a class of risk that traditional code audits do not systematically address. As protocols evolve and migrate to newer architectures, the operational burden of cleanly decommissioning old infrastructure (not just removing UI access, but auditing and safely winding down on-chain contracts that still hold value) has become a pressing security obligation.
The Raydium incident is a clear reminder that "deprecated" does not always mean safe in the blockchain world.
