Raydium (RAY)

DeFi teams obsess over the next smart contract exploit. But what if the bigger threat is code everyone forgot exists? The recent Raydium exploit exposed a growing security blind spot across DeFi: zombie contracts. Hackers drained roughly $1.34M from abandoned V3 AMM liquidity pools that were no longer part of Raydium's active product suite. The pools weren't supported by the UI, weren't integrated into current workflows, and had effectively been forgotten. The problem were still live on-chain. A contract doesn't stop being attackable just because a protocol stops talking about it. According to public security reports, at least 8 confirmed exploits since 2025 have targeted deprecated or abandoned contracts, generating more than $10.8M in losses. When broader legacy infrastructure incidents are included, losses rise to approximately $22.5M. What's interesting is that most of these incidents aren't really being discussed as a separate risk category. They're usually filed under "smart contract vulnerabilities." But the root cause is often different. The issue is flawed contract lifecycle management. Raydium's deprecated V3 architecture lacked validation mechanisms found in newer versions. Attackers exploited those missing safeguards by creating fake liquidity tokens and presenting them as legitimate LP assets, ultimately draining idle funds that had remained trapped inside forgotten pools. The pattern is becoming familiar across DeFi: • Product gets deprecated. • Users migrate elsewhere. • Legacy contracts remain active. • Monitoring decreases. • Attackers discover the opportunity. • Treasury absorbs the damage. Nobody using the current product gets affected. Yet the protocol still pays the bill. This is why "deprecated" should never be treated as a security status but a documentation status. If a contract still holds assets, accepts calls, maintains permissions, or interacts with other systems, it remains part of the protocol's attack surface regardless of whether users can access it through the front end. Every major DeFi protocol now carries years of historical deployments, legacy integrations, retired modules, dormant liquidity pools, and old permission structures. Those forgotten pieces of infrastructure are quietly becoming some of the most attractive targets in crypto. The next wave of DeFi security will not be about finding bugs in new code. It will be about eliminating risk hidden inside old code. Because on-chain, forgotten doesn't mean gone.

🔥 Raydium confirms a vulnerability on its old AMM V3 👀 The program in question had been inactive since 2021. #Raydium #Solana #DeFi https://t.co/Ll0knSadML

🚨 UPDATE: Raydium confirmed an exploit on its discontinued AMM V3 program, inactive since 2021. https://t.co/gerk1gi4N4

⚠️ Raydium suffers an exploit of $1.34 million in a legacy AMM program; the treasury will cover the losses Raydium confirmed an exploit in its old AMM V3 program that resulted in the theft of approximately $1.34 million worth of assets. The attack occurred in inactive liquidity pools and was due to insufficient validation in legacy contracts that allowed the attacker to bypass proportion controls. Incident details The hack affected exclusively withdrawn and inactive liquidity pools, including RAY‑SOL, USDC‑RAY and SRM‑RAY. According to the Raydium team, the vulnerable code belonged to a discontinued version of the protocol that had not been used since 2021 and had already been removed from the official interface. Developers emphasized that active users of the platform were not affected, as the exploit was limited to legacy contracts that are no longer part of Raydium's operating ecosystem. Market reaction and team response Despite the incident, the native RAY token showed resilience and rose more than 2% in the hours following the announcement. The project's treasury confirmed it will assume the full cost of the losses to compensate those affected. As a preventive measure, the Raydium team launched an exhaustive and independent security review of all active smart contracts deployed on the Solana mainnet. The incident again highlights the risks associated with legacy contracts that remain deployed on the blockchain, even when they are no longer in active use. In summary Raydium suffered a $1.34 million exploit in its old AMM V3 program, affecting only inactive liquidity pools belonging to a protocol version discontinued since 2021. Current users were not affected. The project's treasury will cover the losses and the team has initiated a full security review of its active smart contracts. Despite the incident, the RAY token remained stable and advanced more than 2% after the announcement. Important notice This information is based on Raydium's official statement and on-chain reports published on June 11, 2026. It does not constitute investment advice. Always perform your own analysis before making any financial decision.

🔴Again hacked, Raydium just lost $1.34M from 5 old pools 📌Raydium confirms it will use the treasury to compensate the loss after an attacker exploited a vulnerability in the old AMM V3 program, which has been deprecated since 2021. The attack affected several inactive liquidity pools, including pairs such as RAY‑SOL, USDC‑RAY and SRM‑SOL. Approximately 150,000 RAY, 5,600 SOL and nearly 900,000 USDC were withdrawn. 📌The issue is not with the current Raydium product, but with legacy code that still exists on the chain; even though the protocol is continuously updated, the old smart contracts linked to assets still pose risk. 📌Raydium uses the treasury to cover the loss simply because the damage is relatively small, but what if the scale were larger? Current users are not directly affected, yet the anxiety about DeFi cannot disappear. 📌This year’s hack incidents will kill the already scarce trust in old DeFi protocols. DeFi will not change the world. The market needs a different story.

any deprecated smart contracts still holding a meaningful amount of assets are basically blackhat bounties at this point unless the contracts are immutable, teams should announce a liquidity transition plan to prevent unmaintained contracts from being exploited in the future

Today, Raydium got exploited through an old contract from 2021. Two days ago, Haedal also had a very similar issue related to an old contract that was no longer being used. This makes me think that the vulnerability recently discovered in zcash:native being from 2021 is actually normal now. There's a high chance it had simply never been exploited before. Because clearly, all of this seems related to AI. Only AI can realistically find things that humans have overlooked for years. If someone did find the zcash:native vulnerability and exploit it, I believe it probably happened recently rather than years ago.

The ghost pools got drained. Raydium lost $1.34 million today. But the attack was not on its main exchange. The attacker targeted 5 old liquidity pools that were stopped in 2021 but were never fully turned off. These contracts stayed onchain for more than 3 years without anyone monitoring them. The attacker found a weakness, got around the ownership checks, and drained all 5 pools. What happened: 
- $1.34M stolen
- 5 old pools affected
- No active users lost funds
- Contracts were left exposed for 3+ years The good news is that Raydium's main protocol was not affected, and its treasury is covering the losses. The bigger lesson is simple: Just because a contract is old or no longer used doesn't mean it is safe. Many DeFi projects have old contracts still running onchain after upgrades and migrations. Most people forget about them. Attackers don't. More and more exploits are happening in old and abandoned contracts rather than in active systems. In DeFi, the biggest risk is often not the code everyone is watching. It's the old code that nobody has checked in years.

NEWS: Raydium suffered a $1.34M exploit affecting deprecated liquidity pools. The protocol said losses will be fully covered by its treasury, with no impact on current users. https://t.co/jtHyAIgj3n