Thursday, June 11, 2026

Raydium Legacy Pools Drained of $1.3M; Treasury to Cover Losses


Raydium confirmed that an attacker drained roughly $1.34 million from five deprecated liquidity pools tied to its legacy AMM V3 program on June 10. The Solana-based decentralized exchange said current users and active pools were not affected, and that losses will be covered from the protocol treasury.

The incident was first flagged by on-chain investigator Specter and later traced by PeckShield. Raydium’s clarification narrowed the scope to retired infrastructure that had been phased out in 2021, meaning the exploit hit dormant legacy pools rather than Raydium’s current trading systems.

Fake LP Mint Exposed Retired AMM Logic

The affected pools were Sollet USDT-RAY, Sollet ETH-RAY, SRM-RAY, USDC-RAY and RAY-SOL. The attacker removed approximately 150,177 RAY, 5,603 SOL and 893,700 USDC, using the wallet address 4WnPebowR4HHfumvNPaDjG6Pa5Hi1jxLm6xmmBq33QVk as the entry point. The theft was concentrated in five old pools that still held idle reserves on-chain.

Raydium described the issue as a self-contained logic flaw in the deprecated AMM V3 program, not a key compromise or authority-level breach. The weakness centered on LP mint validation: the withdraw instruction failed to properly confirm that the LP mint matched a legitimate pool position, allowing a fake LP token to bypass proportion checks and claim real reserves.

That distinction matters because deprecated does not mean disabled. A contract removed from a front end can still remain callable on-chain if its state is not frozen or fully migrated. In this case, old infrastructure no longer visible to ordinary users still contained assets that could be targeted directly.

Raydium said its current mainnet programs use different safeguards, including virtual supply mechanics and validation of LP mint and related account information. The team also said contributors are reviewing all mainnet programs, making the immediate response both compensatory and preventative.
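The LP mint validation gap described in this section, reduced to a minimal model in plain Rust. This is an added example, not Raydium's program code, which the article does not show. The types (`Pubkey`, `Mint`, `Pool`), both function names and all values are hypothetical and constructed, and the model assumes the payout is computed pro rata from the supply of whichever mint account the caller supplies.

```rust
// Simplified model (constructed for illustration; not Raydium's program code).
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
struct Pubkey(u8); // stand-in for a 32-byte Solana address

struct Mint { key: Pubkey, supply: u64 }

struct Pool { lp_mint: Pubkey, reserve_a: u64, reserve_b: u64 }

#[derive(Debug, PartialEq)]
enum WithdrawError { LpMintMismatch, ZeroSupply, AmountExceedsSupply }

// Pro-rata share of both reserves for `amount` LP tokens out of `supply`.
fn pro_rata(pool: &Pool, amount: u64, supply: u64) -> Result<(u64, u64), WithdrawError> {
    if supply == 0 { return Err(WithdrawError::ZeroSupply); }
    if amount > supply { return Err(WithdrawError::AmountExceedsSupply); }
    let a = (pool.reserve_a as u128 * amount as u128 / supply as u128) as u64;
    let b = (pool.reserve_b as u128 * amount as u128 / supply as u128) as u64;
    Ok((a, b))
}

// Flawed pattern: the proportion check runs against whatever mint account
// the caller passes in, so the check itself is attacker-controlled.
fn withdraw_unchecked(pool: &Pool, mint: &Mint, amount: u64) -> Result<(u64, u64), WithdrawError> {
    pro_rata(pool, amount, mint.supply)
}

// Hardened pattern: the supplied mint must be the one recorded in pool state
// before its supply is trusted for any proportion math.
fn withdraw_checked(pool: &Pool, mint: &Mint, amount: u64) -> Result<(u64, u64), WithdrawError> {
    if mint.key != pool.lp_mint { return Err(WithdrawError::LpMintMismatch); }
    pro_rata(pool, amount, mint.supply)
}

fn main() {
    // Constructed sample state.
    let pool = Pool { lp_mint: Pubkey(1), reserve_a: 1_000_000, reserve_b: 500_000 };
    let real = Mint { key: Pubkey(1), supply: 10_000 };
    let fake = Mint { key: Pubkey(9), supply: 1 }; // mint not recorded in the pool
    println!("unchecked, foreign mint: {:?}", withdraw_unchecked(&pool, &fake, 1));
    println!("checked, foreign mint:   {:?}", withdraw_checked(&pool, &fake, 1));
    println!("checked, pool mint:      {:?}", withdraw_checked(&pool, &real, 100));
}
```

When auditing a deprecated program that still holds reserves, the equivalent review question is whether every account feeding the proportion math is compared against stored pool state before use.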

Stolen Funds Moved Across Chains

PeckShield traced the attacker’s initial funding to KuCoin before the stolen assets were bridged from Solana to Ethereum. After that movement, the exploiter deposited 810 ETH into Tornado Cash and sent another 7 ETH to FixedFloat, showing a fast cross-chain laundering sequence after the pool drain.

The use of a bridge and privacy mixer may complicate recovery efforts, although fund tracing remains active. Raydium has not yet announced a recovery of the stolen assets, and the available information does not show whether exchanges or service providers have frozen any linked funds. The reimbursement commitment is therefore separate from any asset-recovery outcome.

The incident also revives a familiar DeFi risk: legacy contracts can remain live long after product teams stop directing users to them. For protocols with years of deployed infrastructure, security reviews cannot focus only on active interfaces if old programs still hold value.

Raydium previously faced a major exploit in December 2022 after an administrative key compromise affected active pools. This latest event is different in structure and scope, but it again places treasury compensation at the center of the user-protection response. The protocol is choosing to absorb the loss rather than leave legacy liquidity providers exposed.

For now, the clean takeaway is that Raydium suffered a $1.34 million exploit in five deprecated AMM V3 pools, with current users unaffected and full reimbursement promised from treasury funds. The next updates to watch are the reimbursement timeline, any recovery of bridged funds, and the results of Raydium’s broader mainnet program review.
