Raydium confirms $1.34 million exploit in legacy AMM V3 pools

Raydium said an unauthorized withdrawal drained about $1.34 million from five legacy AMM V3 liquidity pools, with the team stating that the affected code was deprecated in 2021 and no current users or active pools were impacted.
Full details of affected depositshttps://t.co/BvV7W0sqIS
— Infra | Raydium (@0xINFRA) June 10, 2026
The confirmation came through Raydium Infra’s official X account, which described the incident as an exploit in the protocol’s old AMM V3 program. According to the post, the issue stemmed from a validation flaw in the withdrawal logic for dormant pools, allowing the attacker to remove assets from pools that were no longer used through the interface.
Raydium said the losses were limited to idle pools and that there was no key compromise or broader propagation risk. The team also said its treasury will fully cover the losses, indicating that reimbursement is part of the response plan.
#PeckShieldAlert Specter reported that @Raydium has been drained of $1.3M worth of crypto
The attacker was initially funded from #KuCoin, bridged the stolen funds from #Solana to ETH, and deposited 810 $ETH to #TornadoCash and 7 ETH to #FixedFloat. pic.twitter.com/Cm3nQwUfZV
— PeckShieldAlert (@PeckShieldAlert) June 10, 2026
Independent security commentary from PeckShieldAlert’s post on X matched the reported drain and described a laundering trail that included funding via KuCoin, bridging funds from Solana to Ethereum and subsequent transfers to Tornado Cash and FixedFloat.
The available reporting points to a narrow exploit affecting retired infrastructure rather than Raydium’s current product set. What remains unconfirmed from the sources provided is the attacker’s identity and any further recovery details beyond the treasury compensation plan.






