
Raydium promises full refund after $1.3M Solana pool exploit

by Amy Lyman



Raydium has pledged to fully reimburse losses after an exploit drained approximately $1.3 million from five legacy liquidity pools built on Solana.

Summary

  • Raydium said it will fully reimburse losses after an exploit drained about $1.3 million from five legacy Solana liquidity pools.
  • On-chain investigator Specter said the attacker used a fake mint address to exploit retired AMM code and steal RAY, SOL, and USDC.
  • PeckShield traced part of the stolen funds to Tornado Cash, while Raydium said active pools and current users were unaffected.

According to blockchain security firm PeckShield and on-chain investigator Specter, the attack targeted retired automated market maker infrastructure that is no longer used by active Raydium pools. The protocol said current users and active liquidity pools were not affected by the incident.

Details shared by Specter indicate that the attacker exploited a validation weakness in dormant pools tied to Raydium’s early AMM design. By using a fake mint address, the attacker was able to bypass checks and withdraw liquidity from the affected pools.

The stolen assets included roughly 150,177 RAY tokens, 5,603 SOL, and 893,700 USDC. Specter reported that the attacker initially received funding through KuCoin before moving the stolen assets across chains to Ethereum.

Exploit was limited to retired Raydium infrastructure

Following the attack, Raydium stated that the affected pools belonged to a deprecated program with no active user participation. The team added that all impacted assets would be covered by the project treasury, preventing losses from falling on users who still had exposure to the legacy pools.

Tracking data from PeckShield showed that part of the stolen funds was routed through privacy tools after the exploit. The security firm reported that approximately 810 ETH was deposited into Tornado Cash, while another seven ETH was transferred to FixedFloat.

The movement of funds through Tornado Cash may complicate efforts to trace assets. PeckShield noted the transfers after the Ethereum-based funds were bridged from Solana. The mixer was removed from the U.S. Treasury Department’s sanctions list in March 2025.

Security incidents involving inactive code have become a recurring concern across decentralized finance. As previously reported by crypto.news, Token of Power suffered a separate exploit earlier this week that drained more than $1.5 million from a liquidity pool after an attacker manipulated token balances and withdrew WETH reserves. The two incidents involved different protocols and attack methods.

Raydium has moved quickly to cover user losses

Compensation commitments are not new for Raydium. The protocol faced another major security incident in December 2022 when an admin key compromise led to losses from active liquidity pools.

At the time, a governance proposal approved the use of buyback fees and vested team tokens to reimburse affected liquidity providers. The latest response follows a similar approach, with the project confirming that treasury funds will be used to make users whole.

Market reaction has remained relatively muted. Data at the time of writing showed Raydium (RAY) trading near $0.57, down less than 1% over the previous 24 hours. Solana (SOL) also moved lower during the same period, slipping nearly 2% to around $63.88.

While investigators continue tracing the stolen assets, information from PeckShield and Specter suggests the exploit was confined to outdated infrastructure rather than Raydium’s current trading systems.


