The decentralized change, Raydium, suffered an exploit of roughly USD 1.3 million in 5 legacy liquidity swimming pools on the Solana community, an incident that was reported on June 10, 2026. The exploit originated in a vulnerability current in outdated variations of Raydium’s AMM V3, a system that has been deprecated since 2021.
The attacker created a faux LP token and used it to take advantage of a flaw within the validation of good contracts, which verified the provision of the token however not the deal with of emission related. That distinction allowed the attacker to burn the faux token and will withdraw 100% of the reserves saved in 5 inactive swimming pools of the protocol.
The affected swimming pools have been created in the course of the integration stage with Serum and subsequently discontinued in Solana. Amongst them have been the pairs Sollet USDT-RAY, Sollet ETH-RAY, SRM-RAY, USDC-RAY and RAY-SOL. Altogether, the attacker managed to steal roughly 150,177 RAY, 5,603 SOL and 893,700 USDC.
In accordance with information from the incident evaluation, the attacker’s pockets was initially funded by the KuCoin change. Subsequently, the funds have been transferred to the Ethereum community by the deBridge protocol, the place The attacker transformed roughly 810 ETH earlier than dispersing it by mixing providers comparable to Twister Money and FixedFloat to make them troublesome to trace.
Raydium confirmed the incident by its technical staff and highlighted that no lively customers have been affected. The reason being that the compromised swimming pools weren’t accessible from its interface, SDK or DApp for years, since that they had been faraway from operation after inside protocol migrations. In response, The staff introduced that it’ll reimburse 100% of the losses with funds from its treasury and that it’ll allow a complaints system by a public spreadsheet, whereas reviewing different outdated packages to verify that the vulnerability doesn’t lengthen to lively variations.
The incident reopens the talk in regards to the persistence of the so-called “zombie code” in DeFi, that’s, good contracts which can be deserted however stay executable on cryptocurrency networks. Though they aren’t half of the particular operation of the protocols, they could retain locked worth or susceptible logic that continues to be uncovered indefinitely.
Likewise, past the precise affect, The case is a part of a broader development inside the ecosystem. In April 2026 alone, greater than 34 hacks have been recorded in decentralized finance protocols, with losses that reached roughly USD 635 million, accounting for 78% of the overall stolen to date this yr, as reported by CriptoNoticias. In that very same interval, incidents comparable to Drift Protocol or Kelp DAO confirmed that assault vectors vary from governance failures to vital infrastructure compromises, increasing the chance floor throughout the sector.
On this context, The Raydium exploit doesn’t stand out for its magnitude, however for its nature: It didn’t have an effect on lively programs of the protocol, however relatively parts that continued to be executable within the chain regardless of having been taken out of use. These kind of incidents reinforce an more and more seen dynamic in DeFi, the place threat shouldn’t be restricted to the infrastructure in operation, however can even emerge from contracts that stay accessible even when they’re not a part of the day by day operation of the protocol.
