NewsBTC

10 hour ago

1 0

BEARISH 📉 : Raydium legacy AMM exploit drains $1.34M from DEX pools

Raydium hit by $1.34M exploit in legacy AMM V3. Stolen funds moved from Solana to Ethereum and into Tornado Cash, analysts say.

The team tied the loss to a bug in its retired AMM V3. It allowed LP mint checks to be bypassed, letting an attacker drain multiple pools, according to Raydium’s incident report on X Raydium statement on X.

What was drained
- ~150,000 RAY
- ~5,600 SOL
- ~900,000 USDC
From pools: RAY-SOL, USDC-RAY, SRM-RAY (SRM is SRM) Raydium statement on X.

Cause
- AMM V3 did not properly verify the LP mint address.
- Attackers could create a new mint as the LP token and bypass proportion checks Raydium statement on X.

Scope and status
- AMM V3 was phased out in 2021 and not accessible via the current UI.
- Raydium says current programs are unaffected and undergoing security review Raydium statement on X.

Laundering trail
- Funds reportedly originated via KuCoin, then bridged from Solana to ETH.
- 810 ETH sent to Tornado Cash; 7 ETH to FixedFloat PeckShield alert on X.