Ghost Code, $1.34M Heist: Five-Year-Old Raydium Pool Bug Throws a Reunion Party 🕯️

Raydium, a decentralized exchange on Solana, confirmed on June 10, 2026, that an attacker drained $1.34 million from five deprecated liquidity pools tied to its legacy AMM V3 program, a smart contract that had been phased out in 2021 and was no longer accessible through the protocol's SDK, user interface, or current dApp. Pseudonymous Raydium contributor 0xInfra wrote on X that "no current users of Raydium are affected by this exploit or would have been able to interact with these pools through the UI since their deprecation," and added that the firm will repay stolen funds using its treasury. The exploit extended a growing list of crypto security incidents in 2026, a year in which total stolen funds have reached $795.3 million, with April alone accounting for the largest share of breaches.

The attacker, using a Solana address ending in "Bq33QVk," took advantage of a self-contained logic flaw in the legacy program that failed to properly validate liquidity provider token mints. The exploit worked by creating a fake SPL token mint unrelated to any real Raydium pool, minting a single counterfeit LP token, and then calling the legacy withdraw function, which treated the attacker as a 100% LP shareholder and released the full pool reserves. That sequence was repeated across the RAY–SOL, USDC–RAY, SRM–RAY, Sollet USDT–RAY, and Sollet ETH–RAY pools, draining approximately 150,177 RAY, 5,603 SOL, and 893,700 USDC, figures equivalent to roughly $86,000 in RAY, $357,000 in SOL, and nearly $900,000 in USDC at the time.

According to on-chain analysis, the exploiter bridged the funds from Solana to Ethereum via a cross-chain bridge and then deposited them into Tornado Cash to obscure the trail. Blockchain security firm PeckShield also tracked seven Ethereum [ETH] sent to FixedFloat and 810 ETH to Tornado Cash. Raydium's current mainnet programs, which rely on virtual supply mechanisms and verify LP mints, are not vulnerable to this class of attack, according to 0xInfra, who emphasized that the incident was not the result of a key compromise, admin authority takeover, or protocol-wide security breach. A broader security review of all mainnet programs is now underway.

Despite the exploit, RAY traded at $0.5815 at publication, a 2.08% increase over the previous day, though the token remained down 8% on the week and 30% on the month. The Raydium incident comes amid a wave of recent DeFi attacks: in April, KelpDAO and Solana-based Drift Protocol each lost just under $300 million, and last week privacy network Zcash saw its native token fall roughly 38% in 24 hours after developers disclosed that a security researcher used Anthropic's Claude Opus 4.8 to uncover a four-year-old vulnerability in its Orchard privacy pool. Although there is no evidence AI was used in the Raydium exploit, the disclosure arrived one day after Anthropic released an upgraded version of its cybersecurity-focused model Mythos alongside a more limited public version called Claude Fable 5.