Raydium DEX Exploit Results in $1.34 Million Loss from Legacy AMM Program
Severity: Medium (Score: 48.9)
Sources: Pluang, Theblock.Co
Keywords: raydium, exploit, legacy, million, liquidity, pools, program
Summary
Raydium, a Solana-based decentralized exchange, reported a $1.34 million exploit affecting its retired AMM V3 program. The attack targeted inactive liquidity pools, draining assets including 150,000 RAY, 5,600 SOL, and nearly 900,000 USDC. The vulnerability was due to insufficient validation of LP mints, enabling the attacker to bypass proportion checks. Raydium confirmed that current users and active programs were not impacted, and all losses will be covered by its treasury. The DEX's native RAY token experienced minimal market impact, trading up over 2% on the day. A separate security review of the current mainnet programs is underway.

Key Points:
- Raydium lost $1.34 million due to an exploit in its legacy AMM V3 program.
- The attack exploited a validation flaw that allowed bypassing of proportion checks.
- Raydium will reimburse all affected users from its treasury.
Detailed Analysis
**Impact**
The exploit affected five inactive liquidity pools on Raydium’s Solana-based decentralized exchange, resulting in a loss of approximately $1.34 million. Specifically, around 150,000 RAY tokens, 5,600 SOL, and nearly 900,000 USDC were drained. No current users or active pools were impacted, and the losses will be reimbursed by Raydium’s treasury. The incident did not affect Raydium’s mainnet programs or its SDK and DAPP interfaces.

**Technical Details**
The attacker exploited a validation flaw in Raydium’s legacy AMM V3 program, phased out in 2021, which allowed bypassing of intended proportion checks through insufficient validation of LP mint addresses. The exploit involved use of a fake mint address to drain assets from inactive liquidity pools. No specific malware, CVEs, or infrastructure details were provided. The attack targeted a legacy automated market maker contract no longer accessible via Raydium’s current interface.

**Recommended Response**
Defenders should ensure legacy AMM V3 contracts are disabled or inaccessible and verify validation logic for LP mint addresses in AMM programs. Raydium is conducting a separate security review of current mainnet programs, which should be monitored for updates. No specific IOCs or patches were provided; monitoring for unusual mint address activity and unauthorized liquidity pool interactions is advised.
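The LP mint validation recommended above, as an added example that is not code from the original page or from Raydium's code base: a simplified Rust model in which a withdraw handler binds the caller-supplied mint account to the pool before running its proportion check. The `Pool`, `MintAccount` and `withdraw_share` names, the placeholder `TOKEN_PROGRAM` id and all values are assumptions constructed for illustration.

```rust
// Simplified model, constructed for illustration; not Raydium's code.
type Pubkey = [u8; 32];
const TOKEN_PROGRAM: Pubkey = [6; 32]; // placeholder id for the token program

#[derive(Debug, PartialEq)]
enum WithdrawError { LpMintMismatch, WrongOwner, BadAmount }

struct Pool {
    lp_mint: Pubkey, // LP mint recorded in pool state at initialization
    coin_vault: u64, // base-token reserve
    pc_vault: u64,   // quote-token reserve
}

// Everything in this struct is supplied by the transaction, so none of it
// is trusted until it has been bound to the pool state.
struct MintAccount { key: Pubkey, owner: Pubkey, supply: u64 }

/// Returns (coin_out, pc_out) owed for burning `lp_amount` LP tokens.
fn withdraw_share(pool: &Pool, mint: &MintAccount, lp_amount: u64)
    -> Result<(u64, u64), WithdrawError> {
    // 1. The supplied mint must be the pool's own LP mint.
    if mint.key != pool.lp_mint { return Err(WithdrawError::LpMintMismatch); }
    // 2. The account must be owned by the token program, so `supply` is real.
    if mint.owner != TOKEN_PROGRAM { return Err(WithdrawError::WrongOwner); }
    // 3. Only then is the proportion check meaningful.
    if lp_amount == 0 || lp_amount > mint.supply { return Err(WithdrawError::BadAmount); }
    // u128 intermediates so reserve * lp_amount cannot overflow.
    let share = |reserve: u64| (reserve as u128 * lp_amount as u128 / mint.supply as u128) as u64;
    Ok((share(pool.coin_vault), share(pool.pc_vault)))
}

fn main() {
    // Constructed sample values, unrelated to the pools in the incident.
    let pool = Pool { lp_mint: [1; 32], coin_vault: 1_000_000, pc_vault: 4_000_000 };
    let real = MintAccount { key: [1; 32], owner: TOKEN_PROGRAM, supply: 2_000 };
    let other = MintAccount { key: [9; 32], owner: TOKEN_PROGRAM, supply: 1 };
    println!("{:?}", withdraw_share(&pool, &real, 500));
    println!("{:?}", withdraw_share(&pool, &other, 1));
}
```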
Source articles (3)
- Raydium DEX says $1.34 million exploit hit retired AMM program, treasury to cover losses — Theblock.Co · 2026-06-10
  Solana-based decentralized exchange Raydium said Wednesday that an exploit targeting its legacy AMM V3 program resulted in the removal of roughly $1.34 million in assets from a handful of inactive liq…
- Raydium to reimburse $1.3M lost in exploit of legacy Solana liquidity pools — Pluang · 2026-06-10
  Raydium's Legacy AMM V3 program was exploited due to a validation flaw allowing an attacker to bypass proportion checks and drain $1.34 million from five inactive liquidity pools. The attack did not a…
- Raydium lost $1.34M in a hack exploiting a flaw... | Pluang – Crypto, Stocks, Gold & Funds — Pluang · 2026-06-10
  Raydium announced it will fully reimburse users after an exploit drained $1.3 million from five legacy liquidity pools on Solana. The attacker exploited outdated automated market maker code using a fa…
Timeline
- 2026-06-10 — Raydium reports exploit: Raydium disclosed a $1.34 million loss from an exploit targeting its legacy AMM V3 program, affecting inactive liquidity pools.
- 2026-06-10 — Raydium confirms reimbursement plan: Raydium announced it will fully reimburse users affected by the exploit using funds from its treasury.
- 2026-06-10 — Market reaction noted: Despite the exploit, Raydium's RAY token saw a slight increase of over 2% on the day.