BLOCKINSIDERLoading
Live
↗BTC$94,210(+2.4%)|↗ETH$3,820(+1.8%)|↗SOL$218.40(+4.2%)|↗BNB$712.30(+0.6%)|↗BTC$94,210(+2.4%)|↗ETH$3,820(+1.8%)|↗SOL$218.40(+4.2%)|↗BNB$712.30(+0.6%)|
BlockInsiderBLOCKINSIDER
NEWS
MARKETS
EMERGING TECH
RWA & DEFI
LEARN
TOOLS
ABOUT
Sponsored slot · leaderboard
HomeCryptoRaydium Hack Drained of $1.3 Million in Crypto Through Tornado Cash
Crypto

Raydium Hack Drained of $1.3 Million in Crypto Through Tornado Cash

Raydium suffered a $1.3 million exploit targeting its retired AMM V3 infrastructure. The attacker stole RAY, SOL, and USDC before moving 810 ETH through Tornado Cash

56m ago 4,280
CryptoBlockchain
On this page
  • How the $1.3 Million Raydium Hack Happened
  • Five Legacy Pools Were Drained
  • Hacker Moved Funds From Solana to Ethereum
  • Raydium Promises Full Compensation
  • Raydium's RAY token Saw Slight Drop
raydium hack tornado cash stolen funds
Rizwan Ansari
Rizwan Ansari
Crypto Journalist
VIEW PROFILE
Share

  • Solana-based decentralized exchange Raydium suffered a $1.3 million exploit targeting its retired AMM V3 infrastructure.
  • The attacker drained roughly 150,177 RAY, 5,603 SOL, and 893,700 USDC from five dormant liquidity pools.
  • Stolen funds were bridged from Solana to Ethereum, with 810 ETH later deposited into Tornado Cash.

Raydium has become the latest victim of a decentralized finance (DeFi) protocol to suffer a security breach after an attacker drained approximately $1.3 million worth of crypto from its legacy Automated Market Maker (AMM) infrastructure.

Blockchain security firm PeckShield traced the attack, revealing that the stolen funds were quickly moved across chains and partially laundered through Tornado Cash.

How the $1.3 Million Raydium Hack Happened

According to Raydium, the attacker exploited a validation flaw in its legacy AMM V3 code, which dates back to 2021.

The vulnerability existed within the program's withdrawal function. Instead of verifying whether a liquidity provider (LP) token belonged to a legitimate Raydium pool, the system accepted any token supplied by the attacker.

The hacker created a fake LP token with a total supply of just one token. After submitting that token to the vulnerable contract and triggering a withdrawal request, the system mistakenly released 100% of the assets stored in the affected pools.

In its official statement, Raydium confirmed the issue stemmed from "insufficient validation of the LP mint," allowing the attacker to bypass the protocol's intended security checks.

Five Legacy Pools Were Drained

The attack specifically targeted five inactive liquidity pools tied to Raydium's early integration with Serum.

The affected pools included Sollet USDT-RAY, Sollet ETH-RAY, SRM-RAY, USDC-RAY, and RAY-SOL.

Together, the attacker stole approximately 150,177 RAY tokens, 5,603 SOL, and 893,700 USDC. At the time of the attack, the combined value of the stolen assets was estimated at around $1.34 million.

Importantly, these pools were no longer supporting active trading activity. Following the collapse of Serum, the pools had remained dormant on-chain but still contained idle liquidity.

Raydium stressed that users could not access these defi liquidity pools through its official website, application, or software development tools.

Hacker Moved Funds From Solana to Ethereum

Investigators were able to reconstruct the attacker's movements shortly after the exploit occurred.

According to Specter, the attacker's wallet was initially funded through cryptocurrency exchange KuCoin at approximately 11:28 UTC. The exploit itself was executed across roughly 20 separate transactions and concluded around 12:09 UTC.

After draining the pools, the attacker converted the stolen assets into USDC before bridging the defi liquidty funds from Solana to Ethereum using deBridge. Once the funds arrived on Ethereum, the laundering process began almost immediately.

PeckShield reported that approximately 810 ETH was deposited into Tornado Cash, while another 7 ETH was transferred to FixedFloat. The first Tornado Cash transaction reportedly occurred at 13:26 UTC, with the laundering process largely completed within 15 minutes.

Raydium Promises Full Compensation

Despite the exploit, Raydium says no active users were affected.

The protocol confirmed that the vulnerable AMM V3 infrastructure had already been retired years ago and was no longer connected to its current trading systems.

To prevent losses from falling on users with exposure to the affected pools, Raydium announced that all stolen funds would be covered through its treasury.

The response mirrors a similar recovery effort in December 2022, when the protocol reimbursed users following an admin key compromise that impacted active liquidity pools.

Raydium's RAY token Saw Slight Drop

Unlike many DeFi exploits that trigger sharp token sell-offs, the market response has remained relatively calm.

Raydium's RAY token was trading near $0.57 at the time of reporting, down less than 1% over the previous 24 hours.


How does this read?
Share

Comments · 0

Sign in to comment. Accounts coming soon.

No comments yet

Be the first to share your take when accounts launch.

Related reading

CRYPTO

Mastercard Pushes Payments Into the AI Era With Ripple, Solana, 30+ Partners

@rizwan-ansari3h ago
CRYPTO

Strategy Buys More Bitcoin, But BTC Price Prediction Remains Bearish

@rizwan-ansari1d ago
CRYPTO

Helius CEO ‘Extremely Bullish’ on Zcash after New Upgrade

@debashree-patra-1d ago
Sponsored slot · native
More from this desk
  • Mastercard Pushes Payments Into the AI Era With Ripple, Solana, 30+ Partners3h ago
  • CFTC’s New Prediction Market Rules Could Change Polymarket and Kalshi Forever5h ago
  • Strategy Buys More Bitcoin, But BTC Price Prediction Remains Bearish1d ago
  • CLARITY Act Approval Odds Fall Below 50% as Lummis Backs Crypto Freedom1d ago
Sponsored slot · native
BlockInsiderBLOCKINSIDER© 2026 BlockInsider.
AboutThe InsidersAdvertiseCareersTermsPrivacy