Overview
- Raydium disclosed on Wednesday that an attacker removed about $1.34 million from five legacy AMM V3 liquidity pools that had been deprecated in 2021.
- On‑chain investigators say the theft included roughly 150,177 RAY, 5,603 SOL, and about 893,700 USDC and that the exploiter used a fake LP mint to bypass proportion checks.
- Security firms traced initial funding for the exploit to KuCoin and reported that bridged funds moved to Ethereum with about 810 ETH sent into Tornado Cash and 7 ETH to FixedFloat.
- Raydium says the flaw was a self-contained logic bug rather than a key or authority compromise and has identified the exploiter's Solana address as 4WnPebowR4HHfumvNPaDjG6Pa5Hi1jxLm6xmmBq33QVk.
- The protocol pledged full reimbursement from its treasury and started a comprehensive mainnet security review, underscoring the risks that dormant on‑chain contracts pose to DeFi users and projects.