Raydium: Massive Exploit Drains $1.34 Million From Inactive AMM Pools

A retired AMM program on Raydium has just been hit by a targeted attack. The result: $1.34 million drained from five inactive liquidity pools within hours.

The Solana-based DEX responded swiftly, pledging full compensation through its treasury. But the incident raises a fundamental question: how can a decommissioned contract still be exploitable?

A closer look at a vulnerability that serves as a stark reminder — in DeFi, legacy programs can remain attack vectors long after they have been retired.

A Surgical Attack on a Retired AMM Program

The exploit targeted an older AMM (Automated Market Maker) program belonging to Raydium, one that had been officially retired and replaced by newer versions. Five inactive liquidity pools were fully drained, with total losses estimated at $1.34 million. The attack did not affect any active pools or the protocol’s core infrastructure.

This type of attack vector is particularly insidious: security teams typically focus their monitoring on contracts in active production, leaving deprecated programs in a blind spot. Yet as long as a smart contract remains deployed on-chain, it stays technically accessible — and therefore potentially exploitable if funds are still associated with it.

Raydium has not yet published a detailed technical post-mortem outlining the precise nature of the vulnerability that was exploited. The team confirmed the incident through its official channels and indicated that investigations are ongoing to identify the exact attack vector.

Raydium Treasury Steps In to Cover Losses

In response to the impact on affected liquidity providers, Raydium announced that its treasury would cover all losses incurred by impacted users. The decision reflects a clear intent to preserve community trust, in a sector where uncompensated exploits can permanently damage a protocol’s reputation.

This model of direct treasury-based compensation has become an increasingly common practice in DeFi following similar incidents. It bypasses decentralized insurance mechanisms — which are often slow and complex — and sends a strong signal to LPs (liquidity providers) about the protocol’s financial resilience. Raydium, which generates substantial revenue through trading fees on Solana, holds the reserves needed to absorb this kind of shock.

The incident comes at a time when Raydium remains one of the most active DEXs in the Solana ecosystem, consistently posting some of the highest trading volumes across all of DeFi. The team’s swift response should limit the damage to user confidence, even as the question of how to manage obsolete contracts remains very much open.

A Harsh Reminder of the Risks Posed by Deprecated DeFi Contracts

This exploit highlights a structural issue inherent to decentralized finance: the persistence of smart contracts on-chain. Unlike traditional web applications that can simply be switched off, a smart contract deployed on a blockchain like Solana remains active indefinitely, unless an explicit self-destruct mechanism was built into its design from the outset.

For DeFi protocols, this creates an obligation to continuously monitor all deployed contracts — including the oldest ones. Best practices call for systematically migrating any residual funds before decommissioning, and for implementing emergency pause mechanisms on deprecated programs. Steps that, evidently, were not completed in this particular case.

For liquidity providers, this incident is a timely reminder of the importance of withdrawing funds from inactive or deprecated pools as soon as a protocol announces a migration to a new version. In DeFi, leaving assets in an obsolete contract is the equivalent of leaving liquidity in a vault whose lock is no longer maintained.