Raydium, one of Solana’s largest decentralized exchanges, disclosed an exploit in its legacy Automated Market Maker V3 program that siphoned roughly $1.34 million from five deprecated liquidity pools. The attack targeted pools that had been phased out back in 2021, meaning no active users or current Raydium interfaces were affected.

What was taken and how

The drained assets included approximately 150,177 RAY tokens, 5,603 SOL tokens, and around 893,700 USDC. The five affected pools were Sollet USDT-RAY, Sollet ETH-RAY, SRM-RAY, USDC-RAY, and RAY-SOL, all of which had been deprecated after the Serum protocol was sunset in 2021.

The root cause was a self-contained logic flaw in the liquidity provider mint validation process. The attacker created a fraudulent LP mint and used it to bypass the security checks that should have blocked the withdrawal. The pools were no longer supported within Raydium’s main software development kit or its decentralized application front end, but the smart contracts themselves were still live on-chain with real assets locked inside.
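The page does not publish the program's code, so the following is an added, simplified model of the class of check described above, not Raydium's on-chain code. All names (`Pool`, `LpAccount`, `withdraw_checked`, and so on) and the sample values are hypothetical. It contrasts a withdrawal that only checks the supplied LP mint against the supplied token account with one that binds both to the LP mint recorded in pool state.

```rust
// Simplified model with hypothetical names; not Raydium's on-chain code.
type Pubkey = [u8; 32];

#[derive(Debug, PartialEq)]
enum WithdrawError { LpMintMismatch, WrongTokenMint, InsufficientLp, ZeroSupply }

struct Pool { lp_mint: Pubkey, lp_supply: u64, reserve_a: u64, reserve_b: u64 }

// Caller-supplied LP token account: the mint it belongs to and its balance.
struct LpAccount { mint: Pubkey, amount: u64 }

// Pro-rata share of both reserves for `burn` LP tokens.
fn payout(pool: &Pool, acct: &LpAccount, burn: u64) -> Result<(u64, u64), WithdrawError> {
    if pool.lp_supply == 0 { return Err(WithdrawError::ZeroSupply); }
    if burn > acct.amount || burn > pool.lp_supply { return Err(WithdrawError::InsufficientLp); }
    let share = |r: u64| (r as u128 * burn as u128 / pool.lp_supply as u128) as u64;
    Ok((share(pool.reserve_a), share(pool.reserve_b)))
}

// Weak form: the supplied mint and token account only have to agree with each
// other, so a mint the caller created passes the check.
fn withdraw_unchecked(pool: &Pool, mint: Pubkey, acct: &LpAccount, burn: u64)
    -> Result<(u64, u64), WithdrawError> {
    if acct.mint != mint { return Err(WithdrawError::WrongTokenMint); }
    payout(pool, acct, burn)
}

// Hardened form: both must equal the LP mint recorded in pool state.
fn withdraw_checked(pool: &Pool, mint: Pubkey, acct: &LpAccount, burn: u64)
    -> Result<(u64, u64), WithdrawError> {
    if mint != pool.lp_mint { return Err(WithdrawError::LpMintMismatch); }
    if acct.mint != pool.lp_mint { return Err(WithdrawError::WrongTokenMint); }
    payout(pool, acct, burn)
}

// Constructed sample state.
fn sample_pool() -> Pool {
    Pool { lp_mint: [1; 32], lp_supply: 1_000, reserve_a: 5_000, reserve_b: 9_000 }
}

fn main() {
    let pool = sample_pool();
    let foreign = LpAccount { mint: [9; 32], amount: 1_000 }; // mint not issued by the pool
    let genuine = LpAccount { mint: [1; 32], amount: 200 };
    println!("unchecked, foreign mint: {:?}", withdraw_unchecked(&pool, [9; 32], &foreign, 500));
    println!("checked,   foreign mint: {:?}", withdraw_checked(&pool, [9; 32], &foreign, 500));
    println!("checked,   genuine mint: {:?}", withdraw_checked(&pool, [1; 32], &genuine, 100));
}
```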

Following the money