Raydium DEX’s AMM Program Exploited For $1.34 Million — Here’s What Went Wrong
Raydium, a Solana-based decentralized exchange, reported a $1.34 million exploit involving its retired AMM V3 program. The attacker drained roughly 150,000 RAY, 5,600 SOL, and nearly 900,000 USDC from pools including RAY-SOL, USDC-RAY, and SRM-RAY. Raydium said the issue came from insufficient validation of LP mints in the legacy AMM V3, which let the attacker create a fake LP mint and bypass pool accounting checks. The affected program had been phased out in 2021 and was not accessible through current Raydium tools. PeckShield said the stolen funds were funded through KuCoin, bridged from Solana to Ethereum, and partially laundered through Tornado Cash and FixedFloat. Raydium said its current programs were not affected and that it is reviewing mainnet security.
