Fake Token Exploit Bleeds Raydium DEX of $1.3 Million in Legacy Pools
Share
Key Takeaways
Raydium lost about $1.34 million on June 10 after an attacker drained five dormant AMM V3 liquidity pools on Solana that had been inactive since 2021.
The exploit relied on a fake LP token mint that slipped past validation checks in retired code; active pools, the CLMM, and newer AMM versions were untouched.
Raydium said it will cover all losses from its treasury, while security firm PeckShield traced part of the stolen crypto through KuCoin and into Tornado Cash.
Raydium, one of Solana’s largest decentralized exchanges, lost roughly $1.34 million on June 10 after an attacker exploited a flaw in retired code, draining five liquidity pools that had been inactive since 2021.
The pools belonged to Raydium’s legacy automated market maker, or AMM V3, program, which the protocol phased out after the collapse of the Serum onchain order book. The contracts remained live on Solana even though they were no longer reachable through Raydium’s official interface.
Raydium is aware of an exploit involving unauthorized removal of liquidity from its legacy AMM V3 program which was previously phased out in 2021.
No current users of Raydium are affected by this exploit or would have been able to interact with these pools through the UI since…
“No current users of Raydium are affected by this exploit,” pseudonymous contributor 0xInfra posted on X, adding that the protocol’s software development kit and front end no longer support interactions with the legacy pools.
How the Raydium Exploit Worked
The attack hinged on the old program’s weak validation of the liquidity provider’s mint address. Because the code did not confirm that the LP token was legitimate, the attacker created a fake mint, presented it as the real LP token and bypassed the proportion checks that govern withdrawals.
Raydium said its current mainnet programs avoid the bug because they rely on a virtual supply mechanism and verify LP mints alongside other account data. The exchange added that its live programs are now undergoing a separate security review.
Which Pools and Assets Were Drained
The five affected pools were:
Sollet USDT-RAY
Sollet ETH-RAY
SRM-RAY
USDC-RAY
RAY-SOL
Notably, all pools were tied to the Serum era on Solana.
The attacker removed about 150,177 RAY, 5,603 SOL, and 893,700 USDC, according to 0xInfra. In dollar terms, that broke down to roughly $900,000 in USDC, about $357,000 in SOL, and around $86,000 in RAY. The exploiter’s Solana address ends in Bq33QVk.
Raydium’s concentrated liquidity pools and newer AMM versions held no exposure, which kept the loss near $1.34 million. RAY traded up more than 2% on the day, reflecting limited market spillover.
Onchain Sleuths Trace the Stolen Funds
PeckShield and onchain investigator Specter said the attacker was initially funded through KuCoin, then bridged the proceeds from Solana to Ethereum.
Attackers deposited 810 ETH into Tornado Cash. | Source: @hackapreneur
Raydium Pledges Treasury Refund
Raydium said it will fully reimburse anyone who still holds funds in the deprecated pools, covering the shortfall from its treasury rather than passing losses to active users.
NEWS: Raydium suffered a $1.34M exploit affecting deprecated liquidity pools.
The protocol said losses will be fully covered by its treasury, with no impact on current users. pic.twitter.com/jtHyAIgj3n
The incident adds to a steady run of DeFi exploits in 2026, many of them targeting dormant or unaudited code rather than flagship contracts. For Raydium, the damage was contained, but the episode shows that retired smart contracts left running onchain can stay dangerous years after a team moves on.
Other Major DeFi Exploits of 2026
Raydium’s loss is small next to a brutal year for decentralized finance. DeFi protocols have lost more than $840 million across 50 or more incidents in the first five months of 2026, a sharp rise from prior years.
Kelp DAO ranks as the largest, losing about $293 million on April 19 when an attacker drained its LayerZero-based rsETH bridge.
Drift Protocol, a Solana DEX, lost roughly $285 million on April 1 after a group linked to North Korea spent six months socially engineering its way in, then used a fake asset as collateral to pull out real funds.
Step Finance, another Solana project, lost $27.3 million in January when a compromised executive device exposed private keys.
The pattern has shifted. Chainalysis attributes about 76% of 2026 hack losses to state-backed actors tied to the Lazarus Group, and compromised accounts now drive more than half of DeFi attacks by count, overtaking pure smart contract bugs.
How Users Can Protect Themselves
Most 2026 losses trace back to a handful of avoidable mistakes, and a few habits go a long way toward keeping funds safe.
Revoke unused token approvals using tools like Revoke.cash, and grant minimal permissions rather than unlimited ones.
Favor protocols with recent third-party audits, active security teams, and bug bounty programs.
Hold long-term assets in a hardware wallet and keep only working balances in connected apps.
Watch official channels for pause events or warnings, and move funds quickly when one appears.
None of these steps guarantees safety, but together they shrink the attack surface that drained Raydium’s old pools and far larger protocols this year.
Disclaimer:
The information provided in this article is for informational purposes only. It is not intended to be, nor should it be construed as, financial advice. We do not make any warranties regarding the completeness, reliability, or accuracy of this information. All investments involve risk, and past performance does not guarantee future results. We recommend consulting a financial advisor before making any investment decisions.
Dr. Guneet Kaur is a senior editor at CCN.com and a Science Fellow at Exponential Science. She is a fintech and blockchain expert with extensive experience in digital finance education, blockchain ecosystems, and cryptocurrency markets. She has worked with global media such as Cointelegraph, as well as education and blockchain platforms, to design and lead strategic content and learning initiatives. As an educator and assessor for top-tier executive programs, she bridges real-world fintech trends with academic insight.
Dr. Kaur is also a published researcher and peer reviewer across fintech and data science journals, including Financial Innovation Journal and International Journal of Big Data Intelligence and Applications. Her work spans data-driven analysis, Web3 innovation, and technical content development. With a strong foundation in both industry and academia, she translates complex financial technologies into practical applications, empowering learners, professionals, and institutions across the rapidly evolving digital finance landscape.
