The recent Raydium exploit, which siphoned $1.3 million from legacy Solana pools, underscores the persistent vulnerabilities in dormant DeFi protocols. This incident highlights the risks that outdated code poses to the broader Solana ecosystem, even as developers strive for enhanced security.
Incident Timeline
On June 10, 2026, Raydium confirmed a security breach that drained $1.3 million in assets from its legacy liquidity pools. PeckShield and on-chain investigator Specter were among the first to identify the exploit, which involved a validation flaw in Raydium’s retired automated market maker (AMM) code. The attacker managed to withdraw liquidity by circumventing mint checks in these obsolete systems.
The assets stolen included 150,177 RAY, 5,603 SOL, and 893,700 USDC, which were subsequently bridged to Ethereum and washed through Tornado Cash and FixedFloat, complicating recovery efforts.
How It Happened
The breach capitalized on a known vulnerability within Raydium’s deprecated AMM V3 program, phased out in 2021. The attacker utilized a fake mint address to bypass existing checks and siphon off liquidity undetected. This exploit emphasizes the ongoing threat posed by legacy code, which can persist as a target long after being retired.
The attacker’s initial funding was traced back to KuCoin before the stolen assets were moved to Ethereum and dispersed through privacy-focused mixers, making the funds challenging to trace and recover.
Protocol Response
In response to the breach, Raydium has assured stakeholders that it will cover the losses from its treasury. This decision aims to maintain trust within the community and ensure that active pools and current users remain unaffected by the incident. The protocol’s swift action in addressing the financial impact is commendable, yet it also raises concerns about the protocol’s reliance on legacy code.
This is not the first time Raydium has faced security challenges. A similar incident in December 2022 involved an admin key compromise that led to significant losses, subsequently addressed through governance votes and strategic fund allocations.
Ecosystem Implications
The exploit underscores the critical need for ongoing audits and updates to legacy systems within the DeFi space. As the Solana ecosystem matures, ensuring that deprecated code does not become a liability is paramount. This incident serves as a stark reminder of the hidden costs associated with maintaining outdated infrastructure.
Despite the breach, market reactions have been muted, with Raydium’s RAY token experiencing negligible price fluctuations. This resilience suggests that while the exploit is significant, the broader market sees it as an isolated incident rather than a systemic failure.
Legacy code vulnerabilities continue to pose substantial risks within the DeFi ecosystem.
Editor’s Insight
Raydium’s recent exploit highlights a persistent challenge in the DeFi space: securing legacy systems. As the DeFi landscape evolves, the importance of robust, up-to-date security measures cannot be overstated. This incident is a cautionary tale for other protocols that may still rely on outdated code, emphasizing the need for continuous innovation and vigilance.
For Solana’s ecosystem, this breach serves as a reminder of the critical importance of proactive security measures and the potential consequences of overlooking legacy vulnerabilities. As the investigation continues, stakeholders will be keenly watching for lessons that can be applied across the industry.




