
Solana Raydium DEX Lost $1.34M to Hackers, Here’s What Actually Happened


On June 10, 2026, a hacker exploited five deprecated liquidity pools on Raydium, Solana’s largest decentralized exchange, draining approximately $1.34 million in crypto assets through a forged LP token attack on the protocol’s legacy AMM V3 program.

The stolen funds included ~$900,000 in USDC, ~$357,000 in SOL, and ~$86,000 in RAY tokens. The RAY token was up 2% in the 24 hours following the incident, recently changing hands at $0.578, already down ~7% on the week and sitting 96.6% below its all-time high of $16.83.

Raydium confirms $1.34M exploit on legacy AMM V3 pools. No current users affected; full compensation from treasury. pic.twitter.com/tqmKATA2tH

— Solana Hub (@SolanaHub_) June 10, 2026


Solana Raydium Exploit Explained: How a Fake Token Fooled a Retired Smart Contract

Think of it like a decommissioned bank branch that closed its doors to customers years ago, but management forgot to move the cash out of the vault. The tellers are gone, the ATM is switched off, the branch doesn’t appear on the bank’s website anymore. But if someone found a side door still unlocked, the money inside would be just as real as ever.

That is almost exactly what happened here. Raydium operates as an AMM, an automated market maker, which means it uses smart contract-managed liquidity pools instead of traditional order books to facilitate trades on Solana. In 2021, Raydium phased out its legacy AMM V3 program after Serum’s order book was deprecated, replacing it with updated architecture. The old program was removed from the UI, but the underlying smart contract and the funds locked inside it remained live on-chain.

Source: Solscan

The attacker found a smart contract vulnerability in that legacy code: the AMM V3 program did not properly validate the LP mint address, the token that represents a liquidity provider’s share of a pool. By creating a fake LP token mint and presenting it to the contract, the hacker convinced the program’s internal accounting that their counterfeit tokens represented legitimate pool ownership. The contract then allowed them to withdraw the pools’ real assets as though they were a genuine LP redeeming a position.
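The missing check described above, shown as an added example that is not Raydium's code: a simplified, constructed model of a withdraw path in plain Rust (no Solana SDK), with a variant that trusts the caller-supplied LP account beside one that compares its mint to the mint stored in pool state. All type names, field names and amounts are assumptions made for illustration.

```rust
// Constructed, simplified model of an AMM withdraw path; not Raydium's code.
type Pubkey = [u8; 32];

#[derive(Debug, PartialEq)]
enum WithdrawError { WrongLpMint, InsufficientLp, EmptyPool }

struct Pool {
    lp_mint: Pubkey, // LP mint recorded in pool state when the pool was created
    lp_supply: u64,  // LP tokens outstanding for that mint
    vault_coin: u64, // reserves held by the pool
    vault_pc: u64,
}

// On Solana the caller chooses every account handed to a program,
// so this struct models untrusted input.
struct LpAccount { mint: Pubkey, amount: u64 }

// Pro-rata redemption shared by both variants.
fn redeem(pool: &mut Pool, lp: &mut LpAccount, burn: u64) -> Result<(u64, u64), WithdrawError> {
    if pool.lp_supply == 0 { return Err(WithdrawError::EmptyPool); }
    if burn > lp.amount || burn > pool.lp_supply { return Err(WithdrawError::InsufficientLp); }
    let supply = pool.lp_supply as u128; // widen so the multiplication cannot overflow
    let coin = (pool.vault_coin as u128 * burn as u128 / supply) as u64;
    let pc = (pool.vault_pc as u128 * burn as u128 / supply) as u64;
    lp.amount -= burn;
    pool.lp_supply -= burn;
    pool.vault_coin -= coin;
    pool.vault_pc -= pc;
    Ok((coin, pc))
}

// Flawed variant: never compares the supplied account's mint to the pool's.
fn withdraw_unchecked(pool: &mut Pool, lp: &mut LpAccount, burn: u64) -> Result<(u64, u64), WithdrawError> {
    redeem(pool, lp, burn)
}

// Hardened variant: reject any LP account whose mint is not the pool's own.
fn withdraw_checked(pool: &mut Pool, lp: &mut LpAccount, burn: u64) -> Result<(u64, u64), WithdrawError> {
    if lp.mint != pool.lp_mint { return Err(WithdrawError::WrongLpMint); }
    redeem(pool, lp, burn)
}

fn main() {
    let mut pool = Pool { lp_mint: [1; 32], lp_supply: 1_000, vault_coin: 500_000, vault_pc: 900_000 };
    let mut forged = LpAccount { mint: [9; 32], amount: 1_000 }; // balance of a different mint
    println!("checked:   {:?}", withdraw_checked(&mut pool, &mut forged, 1_000));
    println!("unchecked: {:?}", withdraw_unchecked(&mut pool, &mut forged, 1_000));
}
```

In the model, the unchecked variant treats a balance of an unrelated mint as a claim on the reserves, while the checked variant returns `WrongLpMint` and leaves pool state untouched.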

Across five pools, Sollet USDT–RAY, Sollet ETH–RAY, SRM–RAY, USDC–RAY, and RAY–SOL, the attacker withdrew ~150,177 RAY, ~5,603 SOL, and ~893,700 USDC. After the liquidity pool hack, the funds were bridged from Solana to Ethereum and deposited into Tornado Cash, a crypto mixer that breaks the on-chain transaction trail, a laundering pattern increasingly common in 2026 DeFi exploits. The attacker’s Solana address (ending in Bq33QVk) was initially funded through KuCoin.


The Structural Story: Why Retired Code Still Held Live Funds

The most important thing to understand about this DeFi exploit is what “deprecated” actually means on a public blockchain, and what it does not mean. When a protocol deprecates a program, it typically stops directing users to it via the interface and focuses development attention elsewhere.

What it almost never does automatically is freeze the contract’s state or migrate funds out of the old pools.

On Solana, and on Ethereum and virtually every other smart contract platform, a deployed program remains callable by anyone who knows its address, regardless of whether it appears on a front end. Unless a protocol explicitly pauses the contract, burns its upgrade authority, or migrates all liquidity out, the code keeps running.

Raydium’s legacy AMM V3 had been invisible to everyday users for four years, but it was never immobilized. That is the structural gap this exploit walked through.

Raydium is aware of an exploit involving unauthorized removal of liquidity from its legacy AMM V3 program which was previously phased out in 2021.

No current users of Raydium are affected by this exploit or would have been able to interact with these pools through the UI since…

— Infra | Raydium (@0xINFRA) June 10, 2026

Pseudonymous Raydium contributor 0xInfra confirmed the exploit was “a self-contained logic flaw” in the old program, not a key compromise or authority-level issue, meaning Raydium’s current mainnet programs carry no equivalent vulnerability.

But the broader implication is uncomfortable: how many other DeFi protocols running on Solana or other chains have deprecated contracts quietly holding dormant liquidity that has never been formally migrated or frozen? This incident suggests that number may be higher than anyone has audited.

Solana’s ecosystem has been evolving rapidly, but legacy infrastructure can lag far behind governance decisions.


The post Solana Raydium DEX Lost $1.34M to Hackers, Here’s What Actually Happened appeared first on 99Bitcoins.




