On June 10, 2026, a hacker exploited 5 deprecated liquidity swimming pools on Raydium, Solana largest decentralized change, draining roughly $1.34 million in crypto belongings by way of a cast LP token assault on the protocol’s legacy AMM V3 program.
The stolen funds included ~$900,000 in USDC, ~$357,000 in SOL, and ~$86,000 in RAY tokens. The RAY token up 2% within the 24 hours following the incident, just lately altering fingers at $0.578, already down ~7% on the week and sitting 96.6% beneath its all-time excessive of $16.83.
🚨Raydium confirms $1.34M exploit on legacy AMM V3 swimming pools. No present customers affected; full compensation from treasury. pic.twitter.com/tqmKATA2tH
— Solana Hub (@SolanaHub_) June 10, 2026
EXCLUSIVE: Earn $10 USDC Through Binance Signal-Up
Solana Raydium Exploit Defined: How a Pretend Token Fooled a Retired Good Contract
Consider it like a decommissioned financial institution department that closed its doorways to clients years in the past, however administration forgot to maneuver the money out of the vault. The tellers are gone, the ATM is switched off, the department doesn’t seem on the financial institution’s web site anymore. But when somebody discovered a facet door nonetheless unlocked, the cash inside can be simply as actual as ever.
That’s nearly precisely what occurred right here. Raydium operates as an AMM, an automatic market maker, which implies it makes use of sensible contract-managed liquidity swimming pools as a substitute of conventional order books to facilitate trades on Solana. In 2021, Raydium phased out its legacy AMM V3 program after Serum’s order e book was deprecated, changing it with up to date structure. The outdated program was faraway from the UI, however the underlying sensible contract and the funds locked inside it remained stay on-chain.
The attacker discovered a sensible contract vulnerability in that legacy code: the AMM V3 program didn’t correctly validate the LP mint tackle, the token that represents a liquidity supplier’s share of a pool. By making a pretend LP token mint and presenting it to the contract, the hacker satisfied this system’s inner accounting that their counterfeit tokens represented legit pool possession. The contract then allowed them to withdraw the swimming pools’ actual belongings as if they had been a real LP redeeming a place.
Throughout 5 swimming pools, Sollet USDT–RAY, Sollet ETH–RAY, SRM–RAY, USDC–RAY, and RAY–SOL, the attacker withdrew ~150,177 RAY, ~5,603 SOL, and ~893,700 USDC. After the liquidity pool hack, the funds had been bridged from Solana to Ethereum and deposited into Twister Money, a crypto mixer that breaks the on-chain transaction path, a laundering sample more and more widespread in 2026 DeFi exploits. The attacker’s Solana tackle (ending in Bq33QVk) was initially funded by way of KuCoin.
EXCLUSIVE: Earn $10 USDC Through Binance Signal-Up
The Structural Story: Why Retired Code Nonetheless Held Reside Funds
Crucial factor to grasp about this DeFi exploit is what “deprecated” really means on a public blockchain, and what it doesn’t imply. When a protocol deprecates a program, it usually stops directing customers to it by way of the interface and focuses growth consideration elsewhere.
What it nearly by no means does robotically is freeze the contract’s state or migrate funds out of the outdated swimming pools.
On Solana, and on Ethereum and nearly each different sensible contract platform, a deployed program stays callable by anybody who is aware of its tackle, no matter whether or not it seems on a entrance finish. Except a protocol explicitly pauses the contract, burns its improve authority, or migrates all liquidity out, the code retains operating.
Raydium’s legacy AMM V3 had been invisible to on a regular basis customers for 4 years, but it surely was by no means immobilized. That’s the structural hole this exploit walked by way of.
Raydium is conscious of an exploit involving unauthorized removing of liquidity from its legacy AMM V3 program which was beforehand phased out in 2021.
No present customers of Raydium are affected by this exploit or would have been in a position to work together with these swimming pools by way of the UI since…
— Infra | Raydium (@0xINFRA) June 10, 2026
Pseudonymous Raydium contributor 0xInfra confirmed the exploit was “a self-contained logic flaw” within the outdated program, not a key compromise or authority-level challenge, that means Raydium’s present mainnet applications carry no equal vulnerability.
However the broader implication is uncomfortable: what number of different DeFi protocols operating on Solana or different chains have deprecated contracts quietly holding dormant liquidity that has by no means been formally migrated or frozen? This incident means that quantity could also be greater than anybody has audited.
Solana’s ecosystem has been evolving quickly, however legacy infrastructure can lag far behind governance choices.
DISCOVER: The 12+ Hottest Crypto Presales to Purchase Proper Now
Observe 99Bitcoins on X For the Newest Market Updates and Subscribe on YouTube For Every day Skilled Market Evaluation.
Why you may belief 99Bitcoins
Established in 2013, 99Bitcoin’s group members have been crypto specialists since Bitcoin’s Early days.
90hr+
Weekly Analysis
100k+
Month-to-month readers
50+
Skilled contributors
2000+
Crypto Initiatives Reviewed
Observe 99Bitcoins in your Google Information Feed
Get the most recent updates, tendencies, and insights delivered straight to your fingertips. Subscribe now!
Subscribe now 
