TLDR
- An attacker drained roughly $1.34 million from five inactive Raydium liquidity pools on Solana
- Stolen assets included around 150,000 RAY tokens, 5,600 SOL, and 893,700 USDC
- The exploit targeted a deprecated AMM program phased out in 2021, not current pools
- Raydium confirmed its treasury will fully reimburse all affected users
- PeckShield traced approximately 810 ETH of stolen funds to Tornado Cash
Raydium, a decentralized exchange built on Solana, confirmed on June 10 that an attacker exploited a retired piece of its infrastructure and drained around $1.34 million in crypto assets.
#PeckShieldAlert Specter reported that @Raydium has been drained of $1.3M worth of crypto
The attacker was initially funded from #KuCoin, bridged the stolen funds from #Solana to ETH, and deposited 810 $ETH to #TornadoCash and 7 ETH to #FixedFloat.
— PeckShieldAlert (@PeckShieldAlert) June 10, 2026
The affected pools had not been accessible through Raydium’s interface since the AMM V3 program was phased out in 2021. Raydium said current users and active liquidity pools were not involved.
How the Attack Happened
On-chain investigator Specter said the attacker used a fake mint address to bypass validation checks in the dormant pools. The weakness came from insufficient validation of LP mints, which allowed proportion checks to be bypassed.
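The following added example is a simplified model of the bug class described above, not code from Raydium or from the investigators: a withdrawal that computes a proportional share from a caller-supplied LP mint account, shown beside a version that first checks the mint against pool state. The exact mechanics inside the deprecated program are not given in this article, so every type, function name and value here is a hypothetical assumption.

```rust
// Simplified model of an LP-mint validation gap; not Raydium's code.
// All types, names and values are hypothetical or constructed.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
struct Pubkey([u8; 4]); // short stand-in for a 32-byte account address

struct Pool { lp_mint: Pubkey, reserve_a: u64, reserve_b: u64 }

// Mint account as passed in by the caller: its address and recorded supply.
struct MintAccount { address: Pubkey, supply: u64 }

#[derive(Debug, PartialEq)]
enum WithdrawError { WrongLpMint, ZeroSupply, BurnExceedsSupply }

// Proportional payout: reserve * burned / supply, with a u128 intermediate.
fn share(reserve: u64, burn: u64, supply: u64) -> u64 {
    ((reserve as u128 * burn as u128) / supply as u128) as u64
}

// Weak form: uses the supply of whatever mint account the caller supplies,
// so the denominator of the proportion check is not tied to the pool.
fn withdraw_unchecked(pool: &Pool, mint: &MintAccount, burn: u64) -> Result<(u64, u64), WithdrawError> {
    if mint.supply == 0 { return Err(WithdrawError::ZeroSupply); }
    if burn > mint.supply { return Err(WithdrawError::BurnExceedsSupply); }
    Ok((share(pool.reserve_a, burn, mint.supply), share(pool.reserve_b, burn, mint.supply)))
}

// Hardened form: the mint account must be the one recorded in pool state
// before its supply is used in any calculation.
fn withdraw_checked(pool: &Pool, mint: &MintAccount, burn: u64) -> Result<(u64, u64), WithdrawError> {
    if mint.address != pool.lp_mint { return Err(WithdrawError::WrongLpMint); }
    withdraw_unchecked(pool, mint, burn)
}

fn main() {
    // Constructed sample values.
    let pool = Pool { lp_mint: Pubkey(*b"real"), reserve_a: 1_000_000, reserve_b: 500_000 };
    let real = MintAccount { address: pool.lp_mint, supply: 10_000 };
    let fake = MintAccount { address: Pubkey(*b"fake"), supply: 1 };
    println!("real mint, checked:   {:?}", withdraw_checked(&pool, &real, 100));
    println!("fake mint, unchecked: {:?}", withdraw_unchecked(&pool, &fake, 1));
    println!("fake mint, checked:   {:?}", withdraw_checked(&pool, &fake, 1));
}
```

In the model, the substituted mint makes the unchecked path pay out the full reserves, while the checked path rejects the account before any arithmetic runs.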
The attacker pulled out roughly 150,177 RAY tokens, 5,603 SOL, and 893,700 USDC. Specter reported the attacker received initial funding through KuCoin before moving assets to Ethereum.
Blockchain security firm PeckShield tracked the stolen funds after they were bridged to Ethereum. About 810 ETH was deposited into Tornado Cash, and another seven ETH was sent to FixedFloat.
Tornado Cash was removed from U.S. Treasury Department sanctions in March 2025. The use of the mixer may still complicate efforts to trace the remaining funds.
Raydium Will Reimburse All Losses
Raydium confirmed that its treasury will cover all losses from the exploit. The protocol said no active users were affected, but some users still held exposure to the legacy pools.
This is not the first time Raydium has committed to covering user losses. In December 2022, an admin key compromise led to losses from active pools. At that time, a governance vote approved using buyback fees and vested team tokens to pay back liquidity providers.
The project said its current mainnet programs are unaffected and are now undergoing a separate security review.
Market reaction was limited. Raydium was trading near $0.57, down less than 1% in the 24 hours following the incident. Solana slipped nearly 2% to around $63.88 during the same period.
The RAY token had little reaction, trading up more than 2% on the day the exploit was reported.
Raydium said its SDK and decentralized app do not support interactions with legacy AMM V3 pools on mainnet, confirming the attack was isolated to retired code.
Investigators from PeckShield and Specter continue to trace the stolen assets. Based on available data, the exploit was confined to outdated infrastructure and did not touch Raydium’s active trading systems.







