Raydium, a top Solana-based decentralized exchange, lost $1.34 million to an exploit that hit its retired AMM V3 program. The attacker drained roughly 150,000 RAY tokens, 5,600 SOL, and 900,000 USDC from three liquidity pools on Wednesday. The vulnerability existed in code that had been phased out in 2021 and wasn't accessible through the exchange's current interface — but the pools still held funds.
How the exploit worked
The old AMM V3 program had a flaw in how it validated LP mints. That let the attacker bypass the usual proportion checks and pull out more tokens than allowed. Raydium confirmed the issue was specific to the legacy program and that its current AMMs aren't affected. A security review is now underway.
What was taken
The attacker hit three pools: RAY-SOL, USDC-RAY, and SRM-RAY. They walked away with a mix of the platform's native token, Solana's main asset, and a stablecoin. Funds were initially funded via the KuCoin exchange, then bridged from Solana to Ethereum — a move that gave the attacker access to more laundering tools.
Laundering under way
Blockchain security firm PeckShield tracked the proceeds. About 810 ETH from the exploit was sent to Tornado Cash, the Ethereum mixer known for hiding transaction trails. Another 7 ETH went to FixedFloat, a non-custodial exchange. That's active laundering, not a slow cleanup. The attacker clearly wants to make recovery hard.
Raydium's response
Raydium put out a statement saying its current programs are safe and that a security review is in progress. The exchange didn't announce a timeline for the review or any compensation plan for affected liquidity providers. The timing isn't great — Solana DeFi has been under scrutiny after a string of hacks this year. Whether Raydium can recoup any of the funds or if this will shake confidence in its legacy contracts remains an open question.
