The attacker exchanged the loot for 810 ETH before dispersing it.
deBridge, Tornado Cash and FixedFloat were used to cover the trail.
The decentralized exchange Raydium suffered an exploit of roughly USD 1.3 million in 5 legacy liquidity pools on the Solana network, an incident that was reported on June 10, 2026. The exploit originated in a vulnerability present in outdated versions of Raydium’s AMM V3, a system that has been deprecated since 2021.
The attacker created a fake LP token and used it to exploit a flaw in the smart contracts’ validation, which verified the supply of the token but not the associated issuing address. That gap allowed the attacker to burn the fake token and withdraw 100% of the reserves held in 5 inactive pools of the protocol.
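The validation gap described above, as an added example in Rust (a simplified model written for this page, not Raydium’s code): a withdrawal check that looks only at the supplied token’s supply, beside one that also pins the token’s issuing address to the pool. The struct names, function names and amounts are constructed assumptions.

```rust
// Simplified model (assumption): plain structs stand in for on-chain accounts.
#[derive(Clone, Copy, PartialEq, Debug)]
pub struct MintId(pub u32); // stands in for the token's issuing address

pub struct Mint { pub id: MintId, pub supply: u64 }
pub struct Pool { pub lp_mint: MintId, pub reserve: u64 }

#[derive(Debug, PartialEq)]
pub enum WithdrawError { ZeroSupply, BurnExceedsSupply, WrongMint }

// Pro-rata payout: reserve * burn / supply, using the supply of the given mint.
fn payout(pool: &Pool, mint: &Mint, burn: u64) -> Result<u64, WithdrawError> {
    if mint.supply == 0 { return Err(WithdrawError::ZeroSupply); }
    if burn > mint.supply { return Err(WithdrawError::BurnExceedsSupply); }
    // u128 intermediate so the multiplication cannot overflow.
    Ok((pool.reserve as u128 * burn as u128 / mint.supply as u128) as u64)
}

/// Flawed form: validates the token's supply but never asks which mint it is,
/// so the share is computed against a supply the caller controls.
pub fn withdraw_supply_only(pool: &Pool, mint: &Mint, burn: u64) -> Result<u64, WithdrawError> {
    payout(pool, mint, burn)
}

/// Hardened form: the mint must be the one recorded in the pool state
/// before any supply-based arithmetic is trusted.
pub fn withdraw_checked(pool: &Pool, mint: &Mint, burn: u64) -> Result<u64, WithdrawError> {
    if mint.id != pool.lp_mint { return Err(WithdrawError::WrongMint); }
    payout(pool, mint, burn)
}

fn main() {
    // Constructed sample state, not figures from the incident.
    let pool = Pool { lp_mint: MintId(1), reserve: 500_000 };
    let genuine = Mint { id: MintId(1), supply: 1_000_000 };
    let unrelated = Mint { id: MintId(99), supply: 10 };

    println!("supply-only, unrelated mint: {:?}", withdraw_supply_only(&pool, &unrelated, 10));
    println!("checked, unrelated mint:     {:?}", withdraw_checked(&pool, &unrelated, 10));
    println!("checked, genuine LP mint:    {:?}", withdraw_checked(&pool, &genuine, 250_000));
}
```

When auditing deprecated programs, the equivalent review question is whether every account used in share arithmetic is compared against an address stored in the pool’s own state.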
The affected pools were created during the integration stage with Serum and subsequently discontinued on Solana. Among them were the pairs Sollet USDT-RAY, Sollet ETH-RAY, SRM-RAY, USDC-RAY and RAY-SOL. In total, the attacker managed to steal roughly 150,177 RAY, 5,603 SOL and 893,700 USDC.
According to data from the incident analysis, the attacker’s wallet was initially funded through the KuCoin exchange. Subsequently, the funds were transferred to the Ethereum network through the deBridge protocol, where the attacker converted them into roughly 810 ETH before dispersing it through mixing services such as Tornado Cash and FixedFloat to make the funds difficult to trace.
Raydium confirmed the incident through its technical team and highlighted that no active users were affected. The reason is that the compromised pools had not been accessible from its interface, SDK or DApp for years, since they had been removed from operation after internal protocol migrations. In response, the team announced that it will reimburse 100% of the losses with funds from its treasury and that it will enable a claims system through a public spreadsheet, while reviewing other old programs to verify that the vulnerability does not extend to active versions.
The incident reopens the debate about the persistence of so-called “zombie code” in DeFi, that is, smart contracts that are abandoned but remain executable on cryptocurrency networks. Although they are not part of the current operation of the protocols, they may retain locked value or vulnerable logic that remains exposed indefinitely.
Likewise, beyond the specific impact, the case is part of a broader trend within the ecosystem. In April 2026 alone, more than 34 hacks were recorded in decentralized finance protocols, with losses that reached roughly USD 635 million, accounting for 78% of the total stolen so far this year, as reported by CriptoNoticias. In that same period, incidents such as Drift Protocol or Kelp DAO showed that attack vectors range from governance failures to critical infrastructure compromises, expanding the risk surface across the sector.
In this context, the Raydium exploit does not stand out for its magnitude, but for its nature: it did not affect active systems of the protocol, but rather components that continued to be executable on-chain despite having been taken out of use. These kinds of incidents reinforce an increasingly visible dynamic in DeFi, where risk is not limited to the infrastructure in operation, but can also emerge from contracts that remain accessible even when they are no longer part of the daily operation of the protocol.

