Raydium Hack: Fake LP Tokens Exploit Old Solana Pools for $1.34M Loss

Here’s a tighter, more streamlined rewrite with a strong news-style flow:


Raydium, a Solana-based decentralized exchange, lost $1.34 million on June 10, 2026, after an attacker exploited five deprecated liquidity pools tied to its legacy AMM V3 program. The flaw—a smart contract vulnerability left dormant on-chain for nearly five years—allowed the attacker to drain funds without detection.

The exploiter, using a Solana wallet ending in “Bq33QVk,” extracted roughly $900,000 in USDC, $357,000 in SOL, and $86,000 in RAY.

After the exploit, all assets were bridged from Solana to Ethereum and funneled through Tornado Cash, a common laundering route in DeFi attacks that makes fund recovery highly unlikely.


Flawed LP Validation Enabled the Exploit

The root of the issue was improper validation of liquidity provider (LP) tokens in Raydium’s legacy AMM V3 contracts. Normally, LP tokens represent a user’s share of a pool and must match the correct token mint during withdrawals.

In this case, that check was missing. The attacker created a fake SPL token mint, generated a single counterfeit LP token, and used it to trigger withdrawals from real pools.

This method was repeated across five outdated pools—Sollet USDT–RAY, Sollet ETH–RAY, SRM–RAY, USDC–RAY, and RAY–SOL—resulting in the loss of about 150,177 RAY, 5,603 SOL, and 893,700 USDC.

Raydium contributor 0xInfra described the issue as a “self-contained logic flaw,” confirming that no private keys were compromised and that current protocol versions remain unaffected.

Unlike the December 2022 breach, which involved stolen keys and cost around $4.4 million, this incident stemmed from legacy code that was still callable despite being deprecated.


Funds Bridged and Washed on Ethereum

On-chain analysts tracked the attack as funds were consolidated and moved off Solana. The attacker bridged the assets to Ethereum, routed them through services like KuCoin and FixedFloat, and ultimately deposited them into Tornado Cash.

This cross-chain laundering pattern is widely used in DeFi exploits to obscure transaction history. Investigators noted that the attacker avoided liquidating funds on Solana entirely. Once inside Tornado Cash, tracing becomes extremely difficult, and no funds have been frozen so far.


No Active Users Impacted

Raydium confirmed that no active users or current liquidity pools were affected. The exploited pools had already been deprecated and were not accessible through the platform’s interface.

The protocol has committed to fully covering the losses using its treasury. It is also retiring the legacy AMM V3 program IDs and conducting a full audit of both current and legacy codebases. A reimbursement timeline has not yet been disclosed.


Market Response

Following the incident, the RAY token rose დაახლოებით 2% over 24 hours to around $0.578. However, it remains down 7% on the week and is still more than 96% below its all-time high of $16.83, reflecting broader weakness across the Solana ecosystem.


If you want, I can condense this further into a short breaking-news version or headline summary.