Raydium, a decentralized exchange, suffered an exploit of approximately USD 1.3 million across five traditional liquidity pools on the Solana network. This incident was reported on June 10, 2026. The exploit was due to a vulnerability in an older version of Raydium’s AMM V3, a system that has been deprecated since 2021.
The attacker created a fake LP token and used it to exploit a validation flaw in the smart contract. This validated the token supply, but not the address. emission Related. This difference allows an attacker to burn a fake token and 100% of the reserves held in the protocol’s five inactive pools will be withdrawn.
The affected pools were created during the Serum integration phase and were subsequently deprecated in Solana. Among them were the pairs Sollet USDT-RAY, Sollet ETH-RAY, SRM-RAY, USDC-RAY, and RAY-SOL. In total, the attackers were able to steal approximately 150,177 RAY, 5,603 SOL, and 893,700 USDC.
According to incident analysis data, the attacker’s wallet was initially funded through the KuCoin exchange. The funds were then transferred to the Ethereum network through the deBridge protocol. The attacker converted approximately 810 ETH and then dispersed it through a mixing service. Makes it difficult to track things like Tornado Cash and FixedFloat.
Raydium confirmed the incident through its technical team and stressed that no active users were affected. The reason is that the compromised pool had been removed from production after an internal protocol transition and was therefore inaccessible to its interfaces, SDKs, or DApps for years. Accordingly, The team announced that 100% of its losses would be covered by funds from the Treasury. We also plan to enable a complaint system via a public spreadsheet while reviewing other older programs to ensure vulnerabilities do not extend to active versions.
The incident has reignited the debate over the survival of so-called “zombie code” in DeFi, or smart contracts that have been abandoned but remain viable on cryptocurrency networks. Although these are not part of the actual operation of the protocol, locked values and vulnerable logic may be retained and remain exposed indefinitely.
Similarly, beyond specific influences, This incident is part of a broader trend within the ecosystem. According to a report by CriptoNoticias, more than 34 hacks were recorded on decentralized finance protocols in April 2026 alone, with losses amounting to approximately USD 635 million, accounting for 78% of the total thefts so far this year. During the same period, incidents such as Drift Protocol and Kelp DAO revealed that attack vectors ranged from governance failures to critical infrastructure compromises, expanding the risk landscape across the sector.
In this context, Raydium’s exploit stands out for its nature, not its scale. It was not the active systems of the protocol that were affected, but the components that were no longer in use but could still run in the chain. These types of incidents reinforce increasingly visible power relations in DeFi, and risks are not limited to operational infrastructure, but can also arise from contracts that are accessible even if they are no longer part of the protocol’s day-to-day operations.
(Tag translation) Blockchain
