Raydium, a decentralized exchange on the Solana blockchain, disclosed a roughly $1.34 million exploit tied to its retired AMM V3 program, with the attacker draining funds from multiple liquidity pools. The protocol said current programs remain unaffected.
Exploit Targeted Retired AMM V3
Raydium said Wednesday that an attacker siphoned assets from legacy AMM V3 pools involving RAY-SOL, USDC-RAY, and SRM-RAY. The protocol estimated losses at approximately $1.34 million, including:
- About 150,000 RAY (Raydium’s native token)
- Approximately 5,600 SOL
- Nearly 900,000 USDC (Circle’s U.S. dollar stablecoin)
The exchange emphasized that the affected AMM V3 program was phased out in 2021 and is no longer accessible through Raydium’s current user interface, though the legacy contracts remain on-chain.
Root Cause: LP Mint Validation Flaw
Raydium attributed the incident to insufficient validation of liquidity provider (LP) mints in the legacy AMM V3 program. According to the team, the mechanism failed to properly verify the LP mint address, allowing an attacker to create a new mint and use it as the LP token. This bypassed proportion checks intended to control how assets are accounted for in Raydium’s pools.
LP tokens represent a user’s share of a liquidity pool in automated market makers. Proper validation ensures that only authorized LP mints can interact with the pool under predefined rules.
Funds Bridged and Laundered Across Chains
Blockchain security firm PeckShield said the attacker’s activity was initially funded via KuCoin before funds were bridged from Solana to Ethereum. PeckShield reported that about 810 ETH was sent to Tornado Cash, a privacy mixer, and roughly 7 ETH was moved to FixedFloat, describing the transfers as part of an active laundering effort.
Raydium’s Response
Raydium said its current programs were not impacted by the exploit and noted that core contributors are conducting security reviews across all mainnet programs. The protocol reiterated that the vulnerability was confined to the retired AMM V3 implementation.