Raydium, the Solana-based decentralized exchange, confirmed a $1.34 million exploit on its legacy Automated Market Maker V3 program this week. The incident hit a version of the protocol that was no longer actively maintained but remained accessible on the blockchain. While the company hasn't released a full technical breakdown yet, the attack underscores a risk many DeFi projects face: old code that still carries value.
Legacy code, live risk
The exploit targeted Raydium's AMM V3 program, an older iteration of the exchange's core trading engine. The company didn't say how long the program had been deprecated before the attack, but the breach shows that unused smart contracts can still be dangerous if they hold funds or interact with active pools. In crypto, code doesn't disappear — it just sits on-chain, often waiting for someone to find a flaw.
Raydium's disclosure came via a post on X, where the team said the exploit had been contained and that no user funds from the current AMM were affected. But the $1.34 million loss came from liquidity that remained in the legacy program. For DeFi protocols, that's a clear signal: deprecation isn't just about turning off a switch — it's about actually draining or disabling old contracts.
Stricter oversight ahead
The timing of the exploit may add fuel to ongoing conversations about DeFi security regulation. U.S. regulators have already been circling the sector, and incidents like this one — especially when they involve legacy code that a project itself no longer supports — could lead to new requirements. Lawmakers and agencies may start asking protocols to prove they've properly retired old systems, not just stopped marketing them.
Raydium didn't name any specific regulators or investigations in its statement, but the broader DeFi industry has been bracing for tighter scrutiny. If a major Solana DEX can lose seven figures on a program it thought was behind it, regulators might argue that self-policing isn't enough. The exploit may become a case study in why deprecation procedures need to be formalized and audited.
What comes next
Raydium has not shared a timeline for additional security reviews or changes to its contract retirement workflow. The company said it's working with security partners to trace the stolen funds, but those efforts are still early. For other protocols running old AMM versions on Solana or elsewhere, the exploit is a reminder to check whether those programs can still be drained. The answer, for many, might be uncomfortably close to the one Raydium just found.
