Raydium faces $1.3M exploit in retired Solana pools

An attacker drained about $1.3 million from five retired Raydium AMM pools on Solana using a forged mint validation; Raydium’s treasury will reimburse losses.

Raydium confirmed an attacker withdrew roughly $1.3 million from five retired automated market maker (AMM) pools on the Solana blockchain and said its treasury will cover the losses. The affected pools were part of a legacy AMM V3 program that Raydium phased out in 2021 and were not accessible to users through the platform interface.

Blockchain security firm PeckShield and on-chain investigator Specter flagged the incident on Wednesday. Specter reported the attacker exploited a validation flaw in the dormant pools, using a forged mint address to remove funds without triggering the usual checks. The stolen assets included about 150,177 RAY tokens, 5,603 SOL and roughly 893,700 USDC.

PeckShield traced parts of the proceeds across networks. The attacker was initially funded through KuCoin, then moved funds to Ethereum. From there, about 810 ETH was routed into Tornado Cash and seven ETH into FixedFloat. Tornado Cash was removed from the U.S. Treasury sanctions list in March 2025. Mixers are often used to obscure on-chain trails and can complicate recovery efforts.

Raydium emphasized the breach affected retired code and not active liquidity. The team pledged to make impacted parties whole using the protocol treasury. Raydium wrote: “No current users of Raydium are affected by this exploit or would have been able to interact with these pools through the UI,” and noted the vulnerable code belonged to an earlier protocol version.

Market reaction was limited. RAY traded down by less than 1% to about $0.57 in the 24 hours after the exploit, while SOL fell nearly 2% to about $63.88. In December 2022 a separate incident involving an admin-key compromise allowed attackers to drain active pools; a governance vote then approved using buyback fees and vested team tokens to compensate affected liquidity providers.

Security teams and on-chain investigators continue to follow the flow of funds through exchanges and mixing services. Investigators say tracing and any potential recovery of mixed funds may become clearer as more on-chain activity is analyzed.

Articles by this author