$1.34 Million Breach: How a Legacy Flaw Hit Solana’s Raydium DEX
Raydium, a prominent decentralized exchange (DEX) on the Solana blockchain, recently disclosed a $1.34 million exploit targeting its retired Automated Market Maker (AMM) V3 program. Despite the program being officially phased out in 2021, a critical vulnerability in liquidity provider validation allowed a sophisticated attacker to drain significant assets from legacy pools.
The Mechanics of the Exploit
The protocol’s core contributors identified the root cause as a failure to properly verify Liquidity Provider (LP) mint addresses within the legacy V3 program. By exploiting this insufficient validation, the attacker was able to bypass the protocol's internal proportion checks, essentially creating unauthorized mints to withdraw assets. The breach resulted in the theft of several high-value assets, including:
- 150,000 RAY tokens
- 5,600 SOL
- Approximately 900,000 USDC stablecoins
- Assets from the RAY-SOL, USDC-RAY, and SRM-RAY pools
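The validation gap described above, that a withdraw path must confirm the LP mint account it is handed is the pool's own mint before using that mint's supply as the denominator of the proportion check, is easier to see in code. The block below is an added illustration written for this page, not Raydium's program or any real Solana code; the `Pubkey`, `Pool`, and `MintAccount` types and the two withdraw functions are hypothetical stand-ins for the on-chain accounts an AMM withdraw instruction would receive.

```rust
// Added example (not Raydium's code): why an AMM withdraw handler must check
// that the LP mint account passed in is the pool's own LP mint.

#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Pubkey(pub [u8; 32]); // hypothetical 32-byte account address

/// Hypothetical pool state: the LP mint it created plus its two reserves.
#[derive(Debug, Clone)]
pub struct Pool {
    pub lp_mint: Pubkey,
    pub reserve_a: u64,
    pub reserve_b: u64,
}

/// A mint account as handed to the instruction: its address and total supply.
#[derive(Debug, Clone)]
pub struct MintAccount {
    pub key: Pubkey,
    pub supply: u64,
}

#[derive(Debug, PartialEq, Eq)]
pub enum WithdrawError {
    WrongLpMint,
    ZeroSupply,
    ExceedsSupply,
    Overflow,
}

/// Pro-rata share: reserve * lp_amount / lp_supply, computed in u128 to avoid overflow.
fn pro_rata(reserve: u64, lp_amount: u64, supply: u64) -> Result<u64, WithdrawError> {
    if supply == 0 {
        return Err(WithdrawError::ZeroSupply);
    }
    if lp_amount > supply {
        return Err(WithdrawError::ExceedsSupply);
    }
    let out = (reserve as u128) * (lp_amount as u128) / (supply as u128);
    u64::try_from(out).map_err(|_| WithdrawError::Overflow)
}

/// Weak form: trusts whatever mint the caller supplied, so the proportion check
/// divides by the supply of a mint the pool never issued.
pub fn withdraw_unchecked(
    pool: &Pool,
    lp_mint: &MintAccount,
    lp_amount: u64,
) -> Result<(u64, u64), WithdrawError> {
    let a = pro_rata(pool.reserve_a, lp_amount, lp_mint.supply)?;
    let b = pro_rata(pool.reserve_b, lp_amount, lp_mint.supply)?;
    Ok((a, b))
}

/// Hardened form: the supplied mint must be the address recorded in pool state.
/// Only then is its supply a meaningful denominator for the proportion check.
pub fn withdraw_checked(
    pool: &Pool,
    lp_mint: &MintAccount,
    lp_amount: u64,
) -> Result<(u64, u64), WithdrawError> {
    if lp_mint.key != pool.lp_mint {
        return Err(WithdrawError::WrongLpMint);
    }
    withdraw_unchecked(pool, lp_mint, lp_amount)
}

fn main() {
    // Constructed sample data: a pool whose LP mint has 10_000 tokens outstanding.
    let pool_mint = Pubkey([1u8; 32]);
    let pool = Pool { lp_mint: pool_mint, reserve_a: 1_000_000, reserve_b: 500_000 };
    let genuine = MintAccount { key: pool_mint, supply: 10_000 };
    // Burning 10% of the genuine LP supply returns 10% of each reserve.
    println!("{:?}", withdraw_checked(&pool, &genuine, 1_000));

    // A different mint with a tiny supply: the unchecked math treats 100 of its
    // tokens as 100% of the pool, while the checked path rejects it outright.
    let foreign = MintAccount { key: Pubkey([2u8; 32]), supply: 100 };
    println!("{:?}", withdraw_unchecked(&pool, &foreign, 100));
    println!("{:?}", withdraw_checked(&pool, &foreign, 100));
}
```

The point of the comparison is that the proportion arithmetic itself is identical in both functions; what protects the reserves is binding the supplied mint account to the address the pool stored when it was created. In a real Solana program this is the kind of account-key equality check (and owner/program-id check) a security review would look for on every instruction that reads a caller-supplied account's data.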
The Laundering Trail and Recovery Efforts
Following the heist, blockchain security firm PeckShield tracked the stolen funds as they were moved across chains. The attacker bridged the assets from Solana to Ethereum and began an active laundering process. On-chain data revealed that 810 ETH was funneled through the privacy mixer Tornado Cash, while additional funds were moved to the FixedFloat exchange to obscure the digital trail. Raydium has since emphasized that its current AMM programs and user tools remain unaffected, as the vulnerability was strictly confined to the deprecated V3 code.
Security Outlook and Protocol Response
In the wake of the incident, Raydium has initiated a comprehensive security review of all active mainnet programs to ensure no similar vulnerabilities exist in current iterations. While the RAY token price faced immediate pressure following the news, the exchange's team reiterated that the affected software was effectively "unreachable" via the standard user interface for over two years. Developers continue to monitor on-chain activity and coordinate with security experts to safeguard the protocol’s remaining liquidity.