Raydium (RAY) lost about $1.3 million on Wednesday in an exploit that drained five legacy liquidity pools on Solana (SOL). The team confirmed that its treasury will fully cover the losses.
Blockchain security firm PeckShield and on-chain investigator Specter flagged the incident. However, the exploit only touched retired automated market maker (AMM) code, leaving active pools and current users unaffected.
Attacker Faked Mint Validation to Drain Retired Raydium Pools
According to Specter, the attacker exploited a validation flaw in dormant pools tied to Raydium’s early AMM design. A fake mint address let them withdraw liquidity undetected.
The stolen assets included roughly 150,177 RAY, 5,603 SOL, and 893,700 USD Coin (USDC). The attacker was initially funded through KuCoin before moving the funds to Ethereum (ETH).
PeckShield traced 810 ETH into Tornado Cash and another seven ETH to FixedFloat.
Follow us on X to get the latest news as it happens
The US Treasury delisted the mixer from its sanctions list in March 2025.
Exploiters often funnel funds through mixers to break the on-chain trail, which makes recovery difficult.
Raydium Treasury Covers Exploit Losses as RAY Price Holds
Raydium stated that the affected pools belonged to a deprecated program with no active user interaction.
Meanwhile, the team pledged to reimburse impacted assets in full from its treasury.
The protocol faced a similar test in December 2022, when an admin key compromise drained active pools.
A governance vote then tapped buyback fees and vested team tokens to compensate liquidity providers.
Markets largely shrugged off the breach. The RAY price is down by less than 1% in the last 24 hours to trade near $0.57 as of this writing.
In the same way, the SOL market price slipped nearly 2% to about $63.88.
The incident shows how dormant legacy code can stay a target long after retirement.
Whether investigators can trace the mixed funds may become clearer in the coming days.
