The old automated market maker (AMM) program of Raydium, a decentralized exchange on the Solana ecosystem, was exploited, resulting in funds being drained from five deprecated liquidity pools, with total losses exceeding $1.34 million. The project team stated that the affected pools were the outdated AMM V3, which had been gradually phased out since 2021; current users cannot access these pools via the frontend interface, so existing users were not impacted.
The attack targeted deprecated liquidity pools.
Raydium contributor 0xInfra stated on X that the incident involved unauthorized liquidity removal in an older version of the protocol, not a private key compromise or a permissions breach. The attacker bypassed the validation logic in the old program, minted new liquidity provider tokens, and subsequently withdrew assets from the pool.
- Approximately $900,000 in USDC
- Approximately $357,000 worth of SOL
- Approximately $86,000 worth of RAY
The project team states that this loss will be covered by the Raydium treasury.
The existing mainnet program is unaffected.
Raydium stated that the program currently running on mainnet is already capable of preventing similar issues from occurring again. This means the incident primarily revealed legacy risks from historical contracts, rather than a new structural failure in the current core system.
Such situations are not uncommon in DeFi. Even after a protocol completes a version migration, old contracts and liquidity pools that still hold assets can remain targets for attacks. This incident again highlights that discontinued components, if not fully cleaned up, can still pose financial risks.
DeFi attack incidents continue to rise
At the time of the Raydium incident, security issues affecting DeFi and crypto networks have been increasing. Reports mention that in April, KelpDAO and Solana’s Drift Protocol also suffered exploitation incidents involving nearly $300 million in funds.
Last week, the privacy network Zcash saw its token drop over 40% within 24 hours after developers disclosed a four-year-old vulnerability. The flaw was discovered by a security researcher using an advanced AI model. Although there is currently no evidence that AI tools were used in this Raydium incident, the industry has begun to take notice of AI’s growing role in improving the efficiency of vulnerability discovery.
The day before the incident, Anthropic released the upgraded cybersecurity model Mythos and simultaneously launched the public version, Claude Fable 5. As AI tools enhance their capabilities in security research, the rate at which vulnerabilities are discovered in on-chain protocols may continue to accelerate.
Affected by the event, Raydium’s native token RAY declined approximately 2% over the past 24 hours, with its latest price at around $0.567. Over the past week, RAY has accumulated a decline of about 13% and remains approximately 96.6% below its all-time high of $16.83.