Raydium Breach Exposes $1.34M Vulnerability via Fake LP Tokens on Outdated Pools
Here’s a more concise and polished rewrite with a crisp, professional tone:
Raydium, a Solana-based decentralized exchange, was hit by a $1.34 million exploit on June 10, 2026, after an attacker targeted five deprecated liquidity pools linked to its legacy AMM V3 program. The vulnerability—an overlooked flaw in the smart contract—had remained active on-chain for nearly five years.
The attacker, using a wallet ending in “Bq33QVk,” drained approximately $900,000 in USDC, $357,000 in SOL, and $86,000 in RAY tokens.
After the attack, the funds were bridged from Solana to Ethereum and routed through Tornado Cash, a privacy protocol commonly used to obscure transaction trails, significantly limiting recovery prospects.
LP Token Validation Flaw Exploited
The breach was caused by improper validation of liquidity provider (LP) tokens in the legacy AMM V3 contracts. Typically, LP tokens represent ownership in a pool and must match the correct mint when withdrawing funds.
In this case, that verification step was missing. The attacker created a fake SPL token mint, issued a counterfeit LP token, and used it to withdraw real assets.
This exploit was repeated across five outdated pools—Sollet USDT–RAY, Sollet ETH–RAY, SRM–RAY, USDC–RAY, and RAY–SOL—resulting in losses of roughly 150,177 RAY, 5,603 SOL, and 893,700 USDC.
Raydium contributor 0xInfra described the issue as a “self-contained logic flaw,” confirming that no private keys were compromised and that current protocol versions remain unaffected.
Unlike the December 2022 hack, which involved stolen keys and a $4.4 million loss, this incident stemmed from legacy code that remained accessible despite being deprecated.
Funds Moved Off-Chain and Obscured
Blockchain analysts tracked the attacker consolidating funds before bridging them to Ethereum. The assets were then routed through services like KuCoin and FixedFloat and ultimately deposited into Tornado Cash.
This cross-chain laundering method is commonly used in DeFi exploits to break traceability. Investigators noted the attacker avoided liquidating assets on Solana entirely. Once inside Tornado Cash, tracking becomes extremely difficult, and no funds have been frozen so far.
No Active User Impact
Raydium confirmed that no current users or active liquidity pools were affected. The compromised pools had already been deprecated and were not accessible through the platform’s interface.
The protocol has pledged to fully reimburse the losses using its treasury. It is also retiring the legacy AMM V3 program IDs and conducting a full audit of both current and legacy systems. A reimbursement timeline has not yet been announced.
Market Reaction
RAY rose about 2% in the 24 hours following the incident, trading near $0.578. However, it remains down 7% over the past week and is still roughly 96.6% below its all-time high of $16.83, reflecting continued weakness across the Solana ecosystem.
If you’d like, I can compress this into a brief news alert or bullet-point summary.
Share this content:













