Legacy Contract Exploit Hits Raydium, Full Reimbursement Announced
The Solana decentralized finance landscape faced a security incident as Raydium, a leading automated market maker, confirmed an exploit targeting its legacy AMM V3 program, which was officially deprecated in 2021.
An attacker successfully removed liquidity by exploiting a logic flaw in the outdated system. The Raydium team was quick to clarify that the incident is isolated to the abandoned version. All currently active mainnet programs, the official user interface, and the SDK remain secure and unaffected, ensuring no risk to present-day users or their funds.
Impacted Pools and Financial Loss
The exploit affected liquidity in five legacy pools that were no longer in active use:
- Sollet USDT-RAY Pair
- Sollet ETH-RAY Pair
- SRM-RAY Pair
- USDC-RAY Pair
- RAY-SOL Pair
Preliminary estimates place the total loss at approximately 150,177 RAY, 5,603 SOL, and 893,700 USDC, with a combined value around $1.34 million at the time of the incident.
Root Cause and Technical Breakdown
Initial investigation traces the vulnerability to insufficient validation of the LP token mint address in the old contract: the withdraw path did not confirm that the LP mint supplied with the request was the mint recorded for the pool. The attacker bypassed the protocol's ratio checks by creating new LP token mints and presenting them as the pool's LP token, then withdrawing funds illicitly against them.
Raydium emphasized that this was an isolated logic exploit, not resulting from any private key compromise, admin access breach, or wider system infiltration. Consequently, there is no risk of the vulnerability spreading to other parts of the ecosystem.
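To make the flaw class concrete, here is an added illustration (not Raydium's code, and not the layout of its AMM V3 program) of a withdraw path written in Rust. It models a pool that records the public key of its one legitimate LP mint, and compares an unchecked variant that trusts whatever mint account the caller supplies with a hardened variant that rejects any mint other than the recorded one. The `Pubkey`, `Pool` and `MintAccount` types and all numbers are constructed for the example.

```rust
// Minimal stand-in for a 32-byte Solana public key (constructed type, not solana_program's).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Pubkey([u8; 32]);

impl Pubkey {
    // Deterministic test keys: every byte set to `seed`.
    pub fn new(seed: u8) -> Self {
        Pubkey([seed; 32])
    }
}

// Hypothetical pool state. The important field is `lp_mint`: the single mint
// whose tokens represent shares of the pool's reserves.
#[derive(Debug, Clone)]
pub struct Pool {
    pub lp_mint: Pubkey,
    pub reserve_a: u64,
    pub reserve_b: u64,
}

// The mint account a caller passes alongside a withdraw request.
#[derive(Debug, Clone)]
pub struct MintAccount {
    pub key: Pubkey,
    pub supply: u64,
}

#[derive(Debug, PartialEq, Eq)]
pub enum WithdrawError {
    LpMintMismatch,
    ZeroSupply,
    BurnExceedsSupply,
}

// Pro-rata payout of both reserves for burning `burn` LP tokens out of `supply`.
// u128 intermediate avoids overflow in reserve * burn.
fn pro_rata(pool: &Pool, burn: u64, supply: u64) -> Result<(u64, u64), WithdrawError> {
    if supply == 0 {
        return Err(WithdrawError::ZeroSupply);
    }
    if burn > supply {
        return Err(WithdrawError::BurnExceedsSupply);
    }
    let out_a = (pool.reserve_a as u128 * burn as u128 / supply as u128) as u64;
    let out_b = (pool.reserve_b as u128 * burn as u128 / supply as u128) as u64;
    Ok((out_a, out_b))
}

// Unchecked pattern: the ratio check runs against the supply of whatever mint the
// caller supplied. A mint the caller controls makes the ratio meaningless.
pub fn withdraw_unchecked(pool: &Pool, lp_mint: &MintAccount, burn: u64) -> Result<(u64, u64), WithdrawError> {
    pro_rata(pool, burn, lp_mint.supply)
}

// Hardened pattern: the supplied mint must be the mint recorded in pool state
// before its supply is used for anything.
pub fn withdraw_checked(pool: &Pool, lp_mint: &MintAccount, burn: u64) -> Result<(u64, u64), WithdrawError> {
    if lp_mint.key != pool.lp_mint {
        return Err(WithdrawError::LpMintMismatch);
    }
    pro_rata(pool, burn, lp_mint.supply)
}

fn main() {
    let pool = Pool { lp_mint: Pubkey::new(1), reserve_a: 1_000_000, reserve_b: 1_000_000 };
    let real = MintAccount { key: Pubkey::new(1), supply: 1_000 };
    let foreign = MintAccount { key: Pubkey::new(2), supply: 10 };

    println!("real mint, 10 of 1000 burned:   {:?}", withdraw_checked(&pool, &real, 10));
    println!("foreign mint, unchecked path:   {:?}", withdraw_unchecked(&pool, &foreign, 10));
    println!("foreign mint, checked path:     {:?}", withdraw_checked(&pool, &foreign, 10));
}
```

In a real Solana program the equivalent check is the key comparison shown here plus an owner check that the mint account belongs to the SPL Token program; frameworks such as Anchor express both as account constraints, but the invariant is the same: anything the ratio math depends on must be tied to pool state, never taken from the caller.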
Next Steps and User Protection
In a move to uphold trust and accountability, Raydium has committed to covering 100% of the losses using its project treasury funds. Detailed reimbursement procedures will be communicated to the community in due course.
This event underscores the persistent security challenges in DeFi, particularly regarding the management and sunsetting of legacy smart contracts. Raydium has stated its commitment to bolstering overall security protocols and conducting more rigorous audits of all historical code.