Raydium Security Breach Exposes Deprecated Solana Pools in $1.34M Attack
Raydium News: $1.34M Exploit Exposes Old Solana AMM Pools
Raydium, the Solana-based decentralized exchange, lost about $1.34 million on June 10, 2026, after an attacker exploited five deprecated liquidity pools from its legacy AMM V3 program. The flaw had reportedly existed on-chain for years without being triggered.
The attacker, using a Solana address ending in “Bq33QVk,” drained approximately $900,000 in USDC, $357,000 in SOL, and $86,000 in RAY tokens.
Once the funds were extracted, they were bridged from Solana to Ethereum and routed through Tornado Cash, making the flow of funds difficult to trace and reducing the likelihood of recovery.
How Fake LP Tokens Were Used to Drain Liquidity
The exploit originated from a vulnerability in Raydium’s outdated AMM V3 smart contracts, specifically a failure in validating liquidity provider (LP) tokens.
In a normal AMM system, LP tokens represent a user’s share of a liquidity pool, and withdrawals require burning legitimate tokens tied to the correct pool mint.
However, the deprecated Raydium contracts did not properly verify whether LP tokens came from valid liquidity pool mints.
The attacker took advantage of this by creating a fake SPL token mint, issuing a single counterfeit LP token, and using it to trigger withdrawal functions.
This method was repeated across five legacy pools—Sollet USDT–RAY, Sollet ETH–RAY, SRM–RAY, USDC–RAY, and RAY–SOL—resulting in total losses of roughly 150,177 RAY, 5,603 SOL, and 893,700 USDC.
Raydium contributor 0xInfra confirmed the issue was a self-contained logic flaw rather than a private key compromise, meaning no impact to active contracts or current users.
Unlike the 2022 incident, which involved a $4.4 million loss due to a compromised private key, this exploit came from outdated code that remained accessible even after being deprecated.
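The missing LP mint check described above, as an added example in Rust that is not Raydium's code and not part of the original article: a simplified in-memory model of a withdraw path, with the weak form beside the hardened one. All type, field and function names are assumptions, and the pro-rata payout is the generic AMM rule, not a statement of how the legacy program computed amounts.

```rust
// Simplified model of an AMM withdraw path; not Raydium's code.
// Every type, field and function name here is an assumption for illustration.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Pubkey(pub u8); // stand-in for a 32-byte Solana address

pub struct Pool {
    pub lp_mint: Pubkey, // the only mint whose tokens are shares of this pool
    pub lp_supply: u64,  // LP tokens outstanding for that mint
    pub reserve: u64,    // pooled asset (one side only, for brevity)
}

pub struct TokenAccount {
    pub mint: Pubkey, // mint of the caller-supplied LP token account
    pub amount: u64,
}

#[derive(Debug, PartialEq)]
pub enum WithdrawError { WrongMint, InsufficientLp }

// Weak form: burns whatever token account the caller passes in.
pub fn withdraw_unchecked(pool: &mut Pool, lp: &mut TokenAccount, lp_in: u64)
    -> Result<u64, WithdrawError> {
    if lp_in == 0 || lp_in > lp.amount || lp_in > pool.lp_supply {
        return Err(WithdrawError::InsufficientLp);
    }
    // Pro-rata share of the reserve; u128 intermediate avoids overflow.
    let out = (pool.reserve as u128 * lp_in as u128 / pool.lp_supply as u128) as u64;
    lp.amount -= lp_in;
    pool.lp_supply -= lp_in;
    pool.reserve -= out;
    Ok(out)
}

// Hardened form: the burned tokens must belong to the pool's own LP mint.
pub fn withdraw_checked(pool: &mut Pool, lp: &mut TokenAccount, lp_in: u64)
    -> Result<u64, WithdrawError> {
    if lp.mint != pool.lp_mint {
        return Err(WithdrawError::WrongMint);
    }
    withdraw_unchecked(pool, lp, lp_in)
}

fn main() {
    // Constructed sample state: the pool's LP mint is 1, the foreign mint is 9.
    let mut pool = Pool { lp_mint: Pubkey(1), lp_supply: 1_000, reserve: 50_000 };
    let mut foreign = TokenAccount { mint: Pubkey(9), amount: 1 };
    println!("checked:   {:?}", withdraw_checked(&mut pool, &mut foreign, 1));
    println!("unchecked: {:?}", withdraw_unchecked(&mut pool, &mut foreign, 1));
}
```

On a real Solana program the same comparison is made against the mint field of the token account passed to the instruction, before any burn or transfer is performed.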
Cross-Chain Laundering Through Tornado Cash
Investigators tracked the exploit in real time as the attacker consolidated funds from the affected pools. The assets were then bridged from Solana to Ethereum, passed through KuCoin and FixedFloat, and eventually deposited into Tornado Cash.
Once inside Tornado Cash, transaction-level tracking effectively ended, making further tracing extremely difficult.
Analysts following the wallet ending in “Bq33QVk” confirmed a full cross-chain laundering path, with no use of Solana-native exchanges for liquidation.
At this stage, no funds have been reported frozen or recovered.
User Impact and Protocol Response
Importantly, no active users were affected, since the exploited pools had already been deprecated and were not accessible through Raydium’s frontend.
Raydium has committed to fully reimbursing the stolen funds using its protocol treasury. It is also retiring the legacy AMM V3 program IDs and conducting a broader review of both active and deprecated smart contracts. A repayment timeline has not yet been announced.
Despite the exploit, the RAY token saw a brief 2% uptick to around $0.578. However, it remains down about 7% over the past week and is still far below its all-time high of $16.83, reflecting broader weakness across the Solana ecosystem.