Raydium Legacy AMM V3 Exploited for $1.34M via LP Mint Flaw


Raydium's legacy AMM V3 program was exploited for approximately $1.34 million after an attacker abused a liquidity provider mint validation flaw in deprecated Solana pools. The Raydium team said the issue was isolated to an old AMM V3 contract that had been phased out in 2021 and did not affect the platform's current liquidity programs or active users. The exploit drained five deprecated liquidity pools tied to the legacy program, with the root cause identified as a self-contained validation flaw involving LP mint checks that allowed the attacker to manipulate pool logic using invalid or fake LP token conditions. The incident adds to the growing list of decentralized exchange infrastructure failures and raises questions about how DeFi protocols manage retired contracts and residual liquidity.

Attacker Exploits LP Mint Validation Flaw in Five Deprecated Pools

According to Raydium core contributor Infra, the root cause was a self-contained validation flaw involving LP mint checks. The attacker was able to manipulate pool logic by using invalid or fake LP token conditions, allowing funds to be withdrawn from pools that should no longer have carried meaningful user risk. The exploit drained five deprecated liquidity pools tied to the legacy program.

The affected AMM V3 program had been superseded years earlier, but the remaining pools still held enough assets to make exploitation profitable. The attacker did not need to compromise Raydium's current products. Instead, the exploit targeted a narrow validation weakness in an older liquidity design.
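A simplified model of the kind of LP mint check described above, added here as an illustration. It is not Raydium's code, and the article does not publish the program's actual logic; the `Pool`, `Mint` and `TokenAccount` types, the `withdraw_payout` function and all values are hypothetical.

```rust
// Self-contained model (no Solana crates). All names and values are constructed.
type Pubkey = [u8; 32];

#[derive(Debug, PartialEq)]
enum WithdrawError { WrongLpMint, WrongTokenMint, BadAmount, EmptySupply }

struct Pool { lp_mint: Pubkey, vault_reserve: u64 }
struct Mint { key: Pubkey, supply: u64 }
struct TokenAccount { mint: Pubkey, amount: u64 }

/// Returns the vault amount owed for burning `burn` LP tokens, or an error.
fn withdraw_payout(
    pool: &Pool, lp_mint: &Mint, user_lp: &TokenAccount, burn: u64,
) -> Result<u64, WithdrawError> {
    // The caller-supplied mint must be the exact mint recorded in pool state.
    // Without this, a self-created mint with a tiny supply skews the share below.
    if lp_mint.key != pool.lp_mint {
        return Err(WithdrawError::WrongLpMint);
    }
    // The LP token account being burned from must belong to that same mint.
    if user_lp.mint != pool.lp_mint {
        return Err(WithdrawError::WrongTokenMint);
    }
    if lp_mint.supply == 0 {
        return Err(WithdrawError::EmptySupply);
    }
    if burn == 0 || burn > user_lp.amount || burn > lp_mint.supply {
        return Err(WithdrawError::BadAmount);
    }
    // Pro-rata share in u128 to avoid overflow; result never exceeds the reserve.
    let share = (pool.vault_reserve as u128) * (burn as u128) / (lp_mint.supply as u128);
    Ok(share as u64)
}

fn main() {
    // Constructed sample data, not on-chain values.
    let pool = Pool { lp_mint: [1; 32], vault_reserve: 1_000_000 };
    let real = Mint { key: [1; 32], supply: 10_000 };
    let holder = TokenAccount { mint: [1; 32], amount: 2_500 };
    let fake = Mint { key: [9; 32], supply: 1 };
    let fake_holder = TokenAccount { mint: [9; 32], amount: 1 };
    println!("genuine LP: {:?}", withdraw_payout(&pool, &real, &holder, 2_500));
    println!("fake LP:    {:?}", withdraw_payout(&pool, &fake, &fake_holder, 1));
}
```

An on-chain program would additionally verify that the mint and token accounts are owned by the token program; the model covers only the mint identity check.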

Raydium Commits Treasury Compensation for Affected Losses

Raydium said it will compensate affected losses from its treasury. The team said current Raydium users were unaffected, limiting immediate contagion risk across Solana decentralized finance. The response is important because the exploit involved obsolete infrastructure rather than current user-facing pools, but the loss still raises questions about how decentralized protocols manage retired contracts, residual liquidity and long-tail smart contract exposure.

Blockchain security firms traced the attacker's movements after the drain, with funds reportedly routed through KuCoin, a Solana-to-Ethereum bridge, Tornado Cash and FixedFloat. That laundering path shows how quickly even relatively small DeFi exploits can become difficult to recover once assets move across centralized exchanges, bridges and privacy tools.

Legacy Contracts Pose Ongoing Security Risk in DeFi

The incident highlights a recurring problem in decentralized finance: old contracts can remain financially relevant even after newer systems replace them. Protocols often deprecate earlier versions but cannot easily erase deployed smart contracts from public blockchains. If users, bots or forgotten liquidity remain connected to those programs, dormant infrastructure can become an attack surface years after active development has moved elsewhere.

For DeFi protocols, deprecation is therefore not only a product-management task. It is a security process. Teams must identify inactive pools, warn users, remove front-end access, monitor residual balances and create clear migration paths. Where possible, they may also need emergency controls or incentives to drain obsolete pools before they become targets.

The broader market implication is that DeFi security risk is not confined to newly launched contracts. Mature protocols carry historical code, old liquidity structures and legacy integrations that may not receive the same level of monitoring as current systems. As DeFi becomes more institutional, auditors and investors will increasingly ask whether protocols have formal lifecycle processes for retiring contracts safely.

FAQ

What caused the Raydium legacy AMM V3 exploit?

The exploit was caused by a liquidity provider mint validation flaw in deprecated Solana pools. The attacker manipulated pool logic by using invalid or fake LP token conditions, allowing funds to be withdrawn from five deprecated liquidity pools tied to the legacy AMM V3 program that had been phased out in 2021.

How did Raydium respond to the $1.34 million exploit?

Raydium said it will compensate affected losses from its treasury. The team confirmed that the issue was isolated to an old AMM V3 contract and did not affect the platform's current liquidity programs or active users, limiting immediate contagion risk across Solana decentralized finance.
