On June 10, 2026, a hacker exploited five deprecated liquidity pools on Raydium, Solana largest decentralized exchange, draining approximately $1.34 million in crypto assets through a forged LP token attack on the protocol\u2019s legacy AMM V3 program.<\/p>\n
The stolen funds included ~$900,000 in USDC, ~$357,000 in SOL, and ~$86,000 in RAY tokens. The RAY token up 2% in the 24 hours following the incident, recently changing hands at $0.578, already down ~7% on the week and sitting 96.6% below its all-time high of $16.83.<\/p>\n
Raydium confirms $1.34M exploit on legacy AMM V3 pools. No current users affected; full compensation from treasury. pic.twitter.com\/tqmKATA2tH<\/a><\/p>\n \u2014 Solana Hub (@SolanaHub_) June 10, 2026<\/a><\/p>\n\n EXCLUSIVE: Earn $10 USDC Via Binance Sign-Up<\/span><\/a><\/p>\n Think of it like a decommissioned bank branch that closed its doors to customers years ago, but management forgot to move the cash out of the vault. The tellers are gone, the ATM is switched off, the branch doesn\u2019t appear on the bank\u2019s website anymore. But if someone found a side door still unlocked, the money inside would be just as real as ever.<\/p>\n That is almost exactly what happened here. Raydium operates as an AMM, an automated market maker, which means it uses smart contract-managed liquidity pools instead of traditional order books to facilitate trades on Solana. In 2021, Raydium phased out its legacy AMM V3 program after Serum\u2019s order book was deprecated, replacing it with updated architecture. The old program was removed from the UI, but the underlying smart contract and the funds locked inside it remained live on-chain.<\/p>\n Source: Solcan<\/a><\/p>\n The attacker found a smart contract vulnerability in that legacy code: the AMM V3 program did not properly validate the LP mint address, the token that represents a liquidity provider\u2019s share of a pool. By creating a fake LP token mint and presenting it to the contract, the hacker convinced the program\u2019s internal accounting that their counterfeit tokens represented legitimate pool ownership. The contract then allowed them to withdraw the pools\u2019 real assets as though they were a genuine LP redeeming a position.<\/p>\n Across five pools, Sollet USDT\u2013RAY, Sollet ETH\u2013RAY, SRM\u2013RAY, USDC\u2013RAY, and RAY\u2013SOL, the attacker withdrew ~150,177 RAY, ~5,603 SOL, and ~893,700 USDC. After the liquidity pool hack, the funds were bridged from Solana to Ethereum and deposited into Tornado Cash, a crypto mixer that breaks the on-chain transaction trail, a laundering pattern increasingly common in 2026 DeFi exploits. The attacker\u2019s Solana address (ending in Bq33QVk) was initially funded through KuCoin.<\/p>\n EXCLUSIVE: Earn $10 USDC Via Binance Sign-Up<\/span><\/a><\/span><\/p>\n The most important thing to understand about this DeFi exploit is what \u201cdeprecated\u201d actually means on a public blockchain, and what it does not mean. When a protocol deprecates a program, it typically stops directing users to it via the interface and focuses development attention elsewhere.<\/p>\n What it almost never does automatically is freeze the contract\u2019s state or migrate funds out of the old pools.<\/p>\n On Solana, and on Ethereum and virtually every other smart contract platform, a deployed program remains callable by anyone who knows its address, regardless of whether it appears on a front end. Unless a protocol explicitly pauses the contract, burns its upgrade authority, or migrates all liquidity out, the code keeps running.<\/p>\n Raydium\u2019s legacy AMM V3 had been invisible to everyday users for four years, but it was never immobilized. That is the structural gap this exploit walked through.<\/p>\n Raydium is aware of an exploit involving unauthorized removal of liquidity from its legacy AMM V3 program which was previously phased out in 2021. <\/p>\n No current users of Raydium are affected by this exploit or would have been able to interact with these pools through the UI since\u2026<\/p>\n \u2014 Infra | Raydium (@0xINFRA) June 10, 2026<\/a><\/p>\n\n Pseudonymous Raydium contributor 0xInfra confirmed the exploit was \u201ca self-contained logic flaw\u201d in the old program, not a key compromise or authority-level issue, meaning Raydium\u2019s current mainnet programs carry no equivalent vulnerability.<\/p>\n But the broader implication is uncomfortable: how many other DeFi protocols running on Solana or other chains have deprecated contracts quietly holding dormant liquidity that has never been formally migrated or frozen? This incident suggests that number may be higher than anyone has audited.<\/p>\n Solana\u2019s ecosystem has been evolving rapidly,<\/a>\u00a0but legacy infrastructure can lag far behind governance decisions.<\/p>\n DISCOVER: The 12+ Hottest Crypto Presales to Buy Right Now<\/a><\/strong><\/p>\n Follow 99Bitcoins on X<\/a> For the Latest Market Updates and Subscribe on YouTube<\/a> For Daily Expert Market Analysis.<\/strong><\/p>\n The post Solana Raydium DEX Lost $1.34M to Hackers, Here\u2019s What Actually Happened<\/a> appeared first on 99Bitcoins<\/a>.<\/p>","protected":false},"excerpt":{"rendered":" On June 10, 2026, a hacker exploited five deprecated liquidity pools on Raydium, Solana largest decentralized exchange, draining approximately $1.34 million in crypto assets through a forged LP token attack on the protocol\u2019s legacy AMM V3 program. The stolen funds included ~$900,000 in USDC, ~$357,000 in SOL, and ~$86,000 in RAY tokens. The RAY token […]<\/p>\n","protected":false},"author":0,"featured_media":178712,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-178711","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-discovery"],"_links":{"self":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts\/178711"}],"collection":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=178711"}],"version-history":[{"count":0,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/posts\/178711\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=\/wp\/v2\/media\/178712"}],"wp:attachment":[{"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=178711"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=178711"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mycryptomania.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=178711"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Solana Raydium Exploit Explained: How a Fake Token Fooled a Retired Smart Contract<\/h2>\n
The Structural Story: Why Retired Code Still Held Live Funds<\/h2>\n