One in every of Solana’s flagship decentralized exchanges grew to become the most recent sufferer of a crypto exploit on Wednesday, when an attacker drained greater than $1.34 million from 5 dormant liquidity swimming pools on Raydium, including recent urgency to an already bruising yr for decentralized finance safety.
The exploit focused Raydium’s legacy AMM V3 program and drained roughly $1.34 million from 5 inactive liquidity swimming pools. The affected swimming pools — Sollet USDT-RAY, Sollet ETH-RAY, SRM-RAY, USDC-RAY, and RAY-SOL — had been phased out following the deprecation of the Serum protocol in 2021.
The attacker bypassed validation checks within the previous AMM V3 program, minted new liquidity supplier tokens with out depositing corresponding property, then withdrew and transformed the positions. The exploiter’s Solana tackle ends in “Bq33QVk.” In greenback phrases, the attacker made off with almost $900,000 in USDC, roughly $357,000 in SOL, and $86,000 price of RAY.
The vulnerability originated from inadequate validation of the LP mint tackle throughout the Legacy AMM V3 program. As a result of this system didn’t correctly confirm the LP mint, the attacker created a brand new mint and used it because the LP token, successfully bypassing the proportion checks that have been meant to manipulate liquidity elimination.
Raydium moved rapidly to comprise the fallout. Pseudonymous Raydium contributor 0xInfra confirmed the incident through X, stating that no present customers have been affected and couldn’t have interacted with the deprecated swimming pools by the platform’s UI since their phase-out. The mission confirmed full compensation for all affected customers will probably be dealt with instantly by its treasury, masking your entire $1.34 million throughout all 5 impacted swimming pools. Raydium’s core contributors additionally introduced a complete safety evaluation of all mainnet applications to confirm that no comparable logic flaws exist throughout any lively code.
Solana Alternate Raydium Hit With $1.34 Million Exploit as DeFi Assaults Develop
A Ghost within the Machine
The incident raises a query that has turn out to be more and more uncomfortable throughout DeFi: what occurs to code that’s formally retired however by no means totally faraway from the blockchain?
The loss exhibits how previous liquidity swimming pools can stay financially harmful lengthy after a protocol’s person interface, SDKs, and predominant product routes transfer elsewhere. The affected contracts nonetheless held stay property on-chain regardless of being phased out of Raydium’s present utility interface and lively liquidity stack.
As a result of sensible contracts are immutable, totally eradicating previous code that also holds funds is rarely easy. This incident exhibits an actual weak point in DeFi: previous contracts can nonetheless turn out to be targets for attackers in search of edge instances. Raydium had transitioned to newer AMM variations, together with V4 and V5, which make the most of digital provide mechanisms alongside stricter account verification protocols — however the deprecation of the legacy program didn’t wipe its on-chain footprint.
After stealing the property on Solana, the funds have been bridged to Ethereum and are actually being laundered through Twister Money, in response to blockchain investigator Specter. That exit path — bridge to Ethereum, deposit into the sanctioned mixer — has turn out to be a well-known playbook for DeFi exploiters looking for to complicate restoration efforts. US authorities sanctioned Twister Money in 2022, and its continued use in exploit laundering provides regulators ammunition to argue for stricter oversight of DeFi protocols.
Raydium (RAY) Value Chart
A Deteriorating Safety Panorama
The Raydium hack arrives at a second when DeFi’s safety monitor file is below acute scrutiny. The sector has already misplaced over $750 million to hacks and exploits in 2026, pushed largely by the roughly $292 million KelpDAO exploit and the $285 million Drift Protocol breach.
Drift Protocol misplaced $285 million on April 1 after a North Korean hacking group spent six months socially engineering its approach into the Solana-based DEX, whereas KelpDAO’s LayerZero bridge was drained of $292 million in rsETH on April 19. These two incidents alone triggered 95% of April’s whole DeFi harm, triggering a mass exit from DeFi and rating among the many high ten hacks since 2021.
What makes the present surroundings notably alarming is the widening assault floor. Neither of the 2 greatest exploits of 2026 concerned a sensible contract vulnerability — code audits, formal verification, and bug bounty applications wouldn’t have prevented Drift or KelpDAO. As an alternative, social engineering, compromised infrastructure, and governance weaknesses have emerged because the dominant vectors.
Including a brand new dimension to the risk panorama, AI is now taking part in a documented function in vulnerability discovery. Safety researcher Taylor Hornby recognized a crucial four-year-old vulnerability in Zcash’s Orchard shielded pool on Could 29 by working a customized auditing agent framework paired with Anthropic’s Claude Opus 4.8 mannequin, then wrote a whole working exploit in an area check surroundings. The bug would have allowed an attacker to mint limitless ZEC tokens contained in the Orchard pool with out detection, and its disclosure despatched ZEC crashing greater than 38% in a single day. Whereas the Zcash disclosure was a white-hat discover — and there’s no proof AI instruments have been used within the Raydium assault — it underscores the accelerating functionality of AI-assisted auditing on each side of the safety equation.
Market Response and Outlook
Market response to the Raydium exploit was restricted. RAY fell about 2% within the 24 hours after the disclosure and roughly 13% over the prior week, with the token remaining far under its all-time excessive.
For the broader DeFi ecosystem, the incident carries implications past the greenback determine. Legacy contracts, deserted swimming pools, and residual permission settings characterize a category of danger that conventional code audits don’t systematically tackle. As protocols evolve and migrate to newer architectures, the operational burden of cleanly decommissioning previous infrastructure — not simply eradicating UI entry, however auditing and safely winding down on-chain contracts that also maintain worth — has turn out to be a urgent safety obligation.
The Raydium incident is a transparent reminder that “deprecated” doesn’t all the time imply protected within the blockchain world.
