Key Takeaways
- Approximately $1.34 million was extracted from five dormant Raydium liquidity pools on the Solana network
- The stolen cryptocurrency comprised roughly 150,000 RAY tokens, 5,600 SOL, and 893,700 USDC
- Hackers took advantage of an outdated AMM program that was discontinued in 2021, leaving current pools untouched
- The decentralized exchange announced that its treasury would provide complete reimbursement to impacted users
- Security firm PeckShield identified approximately 810 ETH of the stolen cryptocurrency moving to Tornado Cash
On June 10, Raydium, a Solana-based decentralized exchange, disclosed that malicious actors successfully exploited an outdated component of its platform, siphoning approximately $1.34 million worth of digital assets.
The compromised liquidity pools had been inaccessible via Raydium’s user interface since the protocol retired its AMM V3 program in 2021. According to Raydium, no current users or functioning liquidity pools were impacted by the security breach.
Breakdown of the Exploit
On-chain security analyst Specter revealed that the perpetrators employed a fraudulent mint address to circumvent security validation mechanisms within the inactive pools. The vulnerability stemmed from inadequate verification of LP mints, enabling attackers to evade proportion verification systems.
The malicious actors successfully extracted approximately 150,177 RAY tokens, 5,603 SOL, and 893,700 USDC. According to Specter’s analysis, the attacker obtained initial capital through KuCoin before transferring the stolen assets to the Ethereum blockchain.
Cybersecurity company PeckShield monitored the stolen cryptocurrency following its transfer to Ethereum. Their investigation revealed that roughly 810 ETH was funneled into Tornado Cash, while an additional seven ETH moved to FixedFloat.
In March 2025, Tornado Cash was delisted from U.S. Treasury Department sanctions. Despite this change, the utilization of this privacy protocol may continue to hinder attempts to recover or track the laundered funds.
Complete Loss Coverage Announced by Raydium
Raydium has publicly committed to compensating all financial losses resulting from this security incident using its treasury reserves. While the protocol emphasized that no active participants were compromised, some users maintained positions in the obsolete pools.
This marks the second occasion Raydium has pledged to reimburse affected users. Following an administrative key compromise in December 2022 that resulted in losses from operational pools, a community governance proposal authorized the use of buyback fees and vested team tokens for liquidity provider compensation.
The development team stated that current mainnet programs remain secure and are presently undergoing additional security audits.
Market impact was minimal. Raydium’s price hovered around $0.57, declining less than 1% within 24 hours after the incident became public. Solana experienced a nearly 2% drop to approximately $63.88 over the same timeframe.
The RAY token showed resilience, actually increasing by more than 2% on the day the exploit was publicly disclosed.
Raydium clarified that both its SDK and decentralized application lack functionality to interact with the legacy AMM V3 pools on mainnet, validating that the attack exclusively targeted deprecated code.
Security researchers from PeckShield and Specter maintain ongoing efforts to track the movement of stolen assets. Current evidence indicates the breach was restricted to obsolete infrastructure without affecting Raydium’s operational trading platforms.
