Raydium old AMM V3 hack: $1.34M stolen, full RAY treasury reimbursement
Raydium old AMM V3 on Solana was exploited, with about $1.34M in liquidity drained from five inactive pools. InfraRAY said there is no spread risk to current Raydium contracts, and the Raydium treasury will fully reimburse the losses.
The affected pools were Sollet USDT-RAY, Sollet ETH-RAY, SRM-RAY, USDC-RAY, and RAY-SOL. Early figures reported stolen assets of 150,177 RAY, 5,603 SOL, and 893,700 USDC (≈$1.34M). Raydium emphasized this was an isolated logic bug, not a private-key leak or a permission compromise.
Reported root cause: weak LP-token validation in AMM V3. The AMM did not strictly verify the LP token mint address, allowing attackers to mint a new LP token that impersonated the expected one and bypassed the pool’s ratio check to withdraw funds.
For traders, the key takeaway is that RAY smart-contract risk can persist in legacy infrastructure even if active pools are not directly affected. Watch RAY liquidity movements and broader Solana DeFi sentiment, but price impact so far appears muted.
Neutral
The incident is tied to legacy/retired Raydium AMM V3 pools and, per InfraRAY, should not spread to current Raydium contracts. That reduces the probability of broader systemic risk for traders. Raydium’s commitment to full treasury reimbursement also helps limit the likelihood of prolonged negative sentiment around RAY.
Short term, any hack—even if isolated—can create volatility as liquidity providers reassess legacy smart-contract exposure. However, the lack of a private-key/permission compromise and the explicit scope of the affected pools support a neutral market impact.
Longer term, the LP-token mint validation weakness is a reminder that older DeFi code can still be exploitable. Traders may demand higher risk premiums for LP exposure in deprecated pools, but active-market price discovery and trading should remain largely unaffected.