Raydium Says Legacy AMM V3 Exploit Drained $1.34M From Deprecated Pools; Users Unaffected, Treasury to Reimburse

Key Takeaways

  • Raydium identified a flaw in its legacy AMM V3 program that enabled an attacker to drain about $1.34 million from several deprecated liquidity pools on June 10, 2026.
  • Funds removed included roughly 150,177 RAY, 5,603 SOL, and about 893,700 USDC across five pairs: RAY-SOL, USDC-RAY, SRM-RAY, Sollet USDT-RAY, and Sollet ETH-RAY.
  • The issue stemmed from inadequate validation of LP token mints in the legacy code, allowing the creation of phony LP tokens and bypassing proportional ownership checks.
  • Raydium said current users and active pools were not impacted, and the exploit did not involve a compromised admin authority or private key.
  • The protocol plans to fully reimburse losses from its treasury and is conducting a comprehensive security review of mainnet programs.
  • Portions of the stolen funds were sent to mixing and swap services, including deposits tracked to Tornado Cash and FixedFloat, according to security monitoring.
  • RAY traded around $0.5815 after the incident, up about 2.08% on the day, though weekly and monthly performance remained negative.
  • The incident comes amid a broader uptick in crypto exploits in 2026, with industry trackers estimating cumulative losses this year at $795.3 million and April as the most active month.

Solana-based decentralized exchange Raydium said on June 10, 2026 that an attacker exploited a coding flaw in the project’s legacy AMM V3 program to drain approximately $1.34 million in assets from a handful of deprecated liquidity pools. The incident highlights residual risks that can persist in outdated smart contracts even after they are removed from front-end access. Raydium emphasized that current users and active pools were not affected and pledged to reimburse losses from its treasury while it conducts a fuller security review.

Market Movement

In the immediate aftermath, the market reaction to Raydium’s token was restrained. RAY changed hands near $0.5815 following a roughly 2.08% gain over the previous 24 hours, suggesting participants distinguished between deprecated contract risk and the protocol’s current operations. That said, the token’s broader trend remained softer, with declines of about 8% over the past week and 30% over the past month still weighing on sentiment.

This split response is typical when incidents stem from legacy contracts rather than live infrastructure. Traders often mark down near-term uncertainty but reassess once teams provide clarity on scope, remediation, and user impact. Raydium’s statement that the exploit was isolated to outdated code—and the commitment to reimburse losses—helped limit immediate price damage even as longer time-frame losses persisted.

Trading Activity

Preliminary tallies indicated the attacker siphoned roughly 150,177 RAY, 5,603 SOL, and close to 893,700 USDC from five deprecated pools associated with the legacy AMM V3 program. Impacted pairs comprised RAY-SOL, USDC-RAY, SRM-RAY, Sollet USDT-RAY, and Sollet ETH-RAY. Security monitoring also traced movement of proceeds across services commonly used in post-exploit laundering, including deposits to Tornado Cash and FixedFloat.

Raydium explained that the vulnerability arose from insufficient validation of LP token mints in the old codebase. By forging LP tokens, the exploiter could circumvent proportional share checks and withdraw funds from affected pools. Because these pools were deprecated, they were not accessible through the user interface or SDK, limiting the incident’s direct exposure to active liquidity providers using Raydium’s current stack.

Operationally, the team underscored that the mainnet programs in use today employ a different architecture, including virtual supply mechanisms and proper LP mint verification. That design shift is intended to block the very class of error exploited in the legacy code, reducing the chance of a similar attack vector affecting live pools.

Investor Sentiment

Communication cadence and restitution plans often influence how quickly confidence returns after a protocol-level incident. Raydium moved to reassure users that the exploit did not involve a compromised admin authority or private key and reiterated that no current pool could be reached via the affected path. The pledge to make victims whole through the project’s treasury further signaled balance sheet support for remediation.

For tokenholders, such measures can lower the perceived tail risk of unresolved liabilities. They also speak to an increasingly standardized playbook in decentralized finance: isolate the scope, explain the root cause in accessible terms, articulate why live systems remain secure, and commit to restitution when feasible. While this does not erase losses inside deprecated pools, it helps investors price the risk of ongoing operations more distinctly from legacy technical debt.

Broader Market Context

The Raydium event landed alongside other high-profile security incidents that drew attention to weak points across the crypto market’s technical and governance surfaces. In one case, an attacker seized administrative bridge permissions, enabling the depletion of 141 million H tokens on Ethereum. In another, a governance takeover allowed the withdrawal of roughly $1.5 million in WETH from an Ethereum-based Balancer liquidity pool.

Beyond the specifics of any one case, this cluster of events illustrates the variety of failure modes facing decentralized systems: legacy code assumptions, governance capture, and mismanaged or compromised permissions. Industry trackers estimate that crypto-related exploits have totaled about $795.3 million so far in 2026, with April marking the heaviest month for breaches. Against that backdrop, investors increasingly differentiate between core protocol risk, app-layer governance risk, and the residual risk embedded in deprecated smart contracts.

Industry Impact

Raydium’s disclosure provides a case study in the long half-life of legacy code. Even when contracts are deprecated, not accessible through mainstream user interfaces, and no longer supported in developer tooling, on-chain code may still host assets or logic that can be probed for weaknesses. Over time, assumptions encoded in earlier architectures can diverge from current standards—particularly around token mint validation, share accounting, and permission checks—creating attack surfaces that do not exist in newer designs.

For development teams, the incident underscores the importance of lifecycle management for smart contracts: mapping residual exposures in deprecated systems, formalizing wind-down paths for illiquid or orphaned pools, and placing strict constraints on any interactions that remain possible on-chain. The shift Raydium described—toward virtual supply mechanisms and explicit LP mint verification—aligns with an industry move to design architectures that constrain edge cases and encode stronger invariant checks.

Security processes are also adapting. Teams increasingly blend automated analysis, peer review, and third-party audits with ongoing threat monitoring. When vulnerabilities do emerge, rapid response frameworks—freezing affected components when possible, notifying users, and engaging investigators—can limit downstream damage. While perfect security remains aspirational, disciplined operational practices can materially reduce exploitability and impact.

What This Means for Crypto Markets

For market participants, three implications stand out. First, risks attached to legacy or deprecated contracts warrant distinct due diligence. Even if front ends have removed links and SDKs have dropped support, on-chain code can persist with residual value or permissions. Liquidity providers and sophisticated traders monitoring those environments need clear data on what remains active, what rights can still be exercised, and how share accounting behaves under unusual conditions.

Second, governance and administrative controls continue to be a key attack surface. The contemporaneous incidents involving bridge permissions and a governance takeover point to scenarios where exploiting concentrated authority or procedural gaps can be as profitable for attackers as discovering a low-level coding bug. Evaluating how protocols distribute power, secure keys, and formalize upgrade paths is critical for investors trying to price tail risk.

Third, incident response quality has become a differentiator. Raydium’s swift framing of scope, articulation of a root cause bounded to deprecated code, and commitment to reimburse from treasury moderated immediate market stress. For tokens, the near-term price reaction can depend less on the raw exploit size than on whether the team can credibly decouple the event from ongoing operations and offer a clear remediation roadmap.

In trading terms, episodes like this can influence liquidity in two directions. Some liquidity providers step back temporarily, widening spreads and reducing depth until clarity improves. Others, seeing limited contagion and potential discounts in related assets, opportunistically add risk. The balance between these behaviors often sets short-term volatility and informs how quickly markets normalize.

Market Structure and Liquidity Considerations

The mechanics of this exploit—manufacturing counterfeit LP tokens due to inadequate mint validation—highlight how AMM share accounting underpins pool integrity. In AMMs, LP tokens represent pro-rata ownership of pooled assets. If a contract does not strictly verify rightful issuance and supply, forged LP tokens can distort total supply and allow withdrawals in excess of legitimate contributions. Modern designs address this through explicit verification of mint conditions, immutable supply constraints, and checks that track reserves against outstanding LP token balances.
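
The share-accounting failure described above, modeled as an added example (not Raydium's program code and not part of the original article): a toy in-memory pool in Rust where a withdrawal path that skips the LP mint check pays out reserves for tokens the pool never issued, next to a path that verifies the mint first. All type names, mint ids and balances are constructed for the illustration.

```rust
// Added illustration: a toy in-memory pool, not Raydium's program code.
// Mint ids, balances and type names are constructed for the example.
#[derive(Debug, PartialEq)]
pub enum WithdrawError { WrongLpMint, InvalidAmount }

pub struct LpTokens { pub mint: u32, pub amount: u64 }

pub struct Pool {
    pub lp_mint: u32,   // the only mint whose tokens are shares of this pool
    pub lp_supply: u64, // LP tokens the pool has actually issued
    pub reserve_a: u64,
    pub reserve_b: u64,
}

impl Pool {
    // Pro-rata payout: reserve * amount / lp_supply, then burn the shares.
    fn redeem(&mut self, amount: u64) -> Result<(u64, u64), WithdrawError> {
        if amount == 0 || amount > self.lp_supply {
            return Err(WithdrawError::InvalidAmount);
        }
        let supply = self.lp_supply as u128;
        let share = |r: u64| (r as u128 * amount as u128 / supply) as u64;
        let out = (share(self.reserve_a), share(self.reserve_b));
        self.reserve_a -= out.0;
        self.reserve_b -= out.1;
        self.lp_supply -= amount;
        Ok(out)
    }

    // Legacy-style path: never checks which mint the presented tokens come from.
    pub fn withdraw_unchecked(&mut self, lp: &LpTokens) -> Result<(u64, u64), WithdrawError> {
        self.redeem(lp.amount)
    }

    // Hardened path: tokens from any other mint are rejected before accounting runs.
    pub fn withdraw_checked(&mut self, lp: &LpTokens) -> Result<(u64, u64), WithdrawError> {
        if lp.mint != self.lp_mint {
            return Err(WithdrawError::WrongLpMint);
        }
        self.redeem(lp.amount)
    }
}

pub fn sample_pool() -> Pool {
    Pool { lp_mint: 1, lp_supply: 1_000, reserve_a: 5_000, reserve_b: 20_000 }
}

fn main() {
    let forged = LpTokens { mint: 99, amount: 400 }; // not issued by the pool
    println!("unchecked: {:?}", sample_pool().withdraw_unchecked(&forged));
    println!("checked:   {:?}", sample_pool().withdraw_checked(&forged));
}
```

In the unchecked path the pool's recorded supply is also decremented for shares it never issued, so legitimate holders are left with claims on reserves that are no longer there.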

Deprecated pools can introduce additional complications. They may host thin, residual liquidity left behind after migrations, making them more vulnerable to manipulation and draining attacks if a flaw is discovered. With low activity and limited monitoring, anomalies can persist longer before being detected. That said, because these pools sit outside standard interfaces, the user population directly exposed is smaller—a factor that can mitigate immediate market impact when teams respond quickly.

Ecosystem Effects on Solana DeFi

Events on high-throughput chains such as Solana often test the interplay between rapid iteration and secure deployment. Raydium’s account of moving its mainnet programs to an architecture with virtual supply mechanisms and validated LP mints reflects a broader emphasis on correctness as protocols mature. While innovation cycles remain fast, hardened patterns—particularly around token minting, pool accounting, and permission boundaries—are becoming table stakes.

For ecosystem participants, this strengthens the case for structured deprecation strategies. Clearly flagged legacy components, disabled front-end access, and on-chain controls that prevent further interaction can all help reduce residual attack surfaces. Communication around migrations and end-of-life timelines further supports users seeking to unwind positions safely and avoid exposure to retired code paths.

Risk Management and Operational Practices

Raydium’s commitment to reimburse losses from its treasury illustrates the growing use of internal capital buffers to absorb security incidents. While not all projects can make similar commitments, explicit treasury policies, insurance arrangements, or community-controlled backstops increasingly form part of risk management frameworks. The aim is to align incentives for robust security while offering users a degree of protection against unforeseen vulnerabilities.

At the same time, transparency around incident handling—detailing affected components, technical root cause, and planned audits—helps rebuild trust. Raydium stated the exploit did not result from a compromised admin authority or private key and that active programs remain protected by improved architecture. Such clarity enables participants to separate protocol health from the one-off risks tied to outdated contracts.

Comparative View With Recent Incidents

The parallel exploits affecting H tokens on Ethereum via bridge permissions and the governance-led withdrawal of WETH from a Balancer pool underscore that no single defense model suffices. Code-level validation, governance safeguards, and permission hygiene must reinforce one another. While the Raydium event hinged on a legacy mint validation lapse, the others involved concentrated control vectors—highlighting the importance of minimizing unilateral authority and ensuring that upgrade or control mechanisms are both transparent and hard to capture.

Cumulatively, estimates of $795.3 million in losses across 2026 provide a stark reminder that the security baseline is still evolving. April’s position as the most breach-heavy month this year suggests that activity can cluster, either because attackers recycle newly found techniques or because market conditions draw attention to specific classes of protocols. For allocators, this backdrop argues for diversified risk, focus on operational maturity, and careful attention to how teams address known categories of failure.

Looking Ahead: Monitoring and Mitigation

Post-incident, participants will watch for several signals from Raydium’s follow-up process. The first is completion of the promised in-depth security review across mainnet programs, ideally accompanied by public documentation that explains findings and any additional hardening steps taken. The second is execution of reimbursements from the treasury and clarity on the mechanics for eligible parties tied to the deprecated pools. The third is ongoing monitoring of the attacker’s on-chain flows, where movement through mixers and swap services can complicate recovery but still inform attribution and law enforcement engagement.

More broadly, the industry’s learning curve continues to bend toward preventive design. Stronger invariant checks around minting and burning, explicit supply accounting, and minimized upgrade privileges reduce the space for catastrophic failures. Teams also benefit from formal deprecation protocols that make retired contracts difficult or impossible to interact with, even for sophisticated users, and from automated alerts that surface anomalies in little-used pools.

Conclusion

Raydium’s disclosure that a flaw in its legacy AMM V3 program enabled an attacker to drain about $1.34 million from deprecated pools adds to a year marked by diverse crypto exploits. The incident was bounded to outdated code, with current users and active pools unaffected, according to the team. Losses will be reimbursed from treasury, and a comprehensive security review is underway. Token performance reflected that nuance: a modest daily gain alongside continued weekly and monthly declines.

In a market where security lapses now span coding errors, governance takeovers, and administrative permission failures, investors are increasingly attuned to how protocols manage both live systems and historical technical debt. Raydium’s response—root cause transparency, restitution, and architectural safeguards—illustrates the maturing standards by which DeFi projects are evaluated. While the risk surface cannot be eliminated, disciplined engineering and clear incident management remain the best tools to limit impact and preserve confidence.