The exploit impacted the firm’s legacy automated market maker program and led to the loss of Solana (SOL), as well as dollar-backed stablecoin USDC and the exchange’s native token, RAY.
The exploiter, who has a Solana address ending in “Bq33QVk,” was able to bypass validation logic in the deprecated program and mint new liquidity provider tokens. In total, the attacker made off with nearly $900,000 in USDC, approximately $357,000 in SOL, and $86,000 worth of RAY. It will be repaid using the firm's treasury.
Raydium is aware of an exploit involving unauthorized removal of liquidity from its legacy AMM V3 program which was previously phased out in 2021.
No current users of Raydium are affected by this exploit or would have been able to interact with these pools through the UI since…
The firm’s existing mainnet programs prevent this type of vulnerability, according to 0xInfra, who highlighted that this was not due to a “a key compromise or authority-level issue.”
Although there is no evidence yet that AI was used in the Raydium exploit, analysts told Decrypt in May that AI is transforming exploit discovery by “automating what skilled auditors do.”
Amid the incident, Raydium’s native token is down around 2% in the last 24 hours, recently changing hands at $0.567. The token has fallen around 13% in the last week of trading amid a broader market rout, and is now 96.6% off its all-time high of $16.83.
