Raydium Crypto Hack Today Drained $1.34M: Are Your Funds Still Safe?

Raydium Confirms $1.34 Million Exploit on Legacy AMM V3 Program

What if the biggest threat to your crypto wasn't the app you use today — but the one nobody uses anymore? Raydium just learned that lesson the hard way. $1.34 million gone. Old code. Zero warning. So who's really watching the graveyard?

What Happened?

Raydium, one of Solana's biggest decentralized exchanges, confirmed a $1.34 million crypto hack on Wednesday. The attacker drained five old liquidity pools using a code flaw. Current users are safe. But the story behind how this happened — and who pays — is worth knowing.

The Old Code Nobody Deleted

Raydium's Legacy AMM V3 program was retired back in 2021. Nobody could use it through the app anymore. But the funds inside it? Still sitting there. Idle. Unguarded. That's exactly what the attacker found.

The hacker spotted a weakness in how the old code checked liquidity tokens — called LP Token Mint addresses. It didn't verify them properly. So the attacker created a fake mint address. That fake address tricked the system into skipping its own safety checks.

Result: $1.34 million drained in minutes.

Source: Official X

What Exactly Was Stolen?

The attacker hit five specific pools:

• RAY-SOL

• USDC-RAY

• SRM-RAY

• Sollet ETH-RAY

• Sollet USDT-RAY

The stolen assets included roughly 150,177 RAY tokens, 5,603 SOL, and 893,700 USDC. Blockchain security firms PeckShield and Specter flagged the attack first. The hacker then bridged the funds to Ethereum. PeckShield traced 810 ETH into Tornado Cash — a mixing service that scrambles transaction trails. Another 7 ETH went to FixedFloat. Recovery looks very difficult now.

Who's Paying for This?

Raydium confirmed it will cover every dollar from its own treasury. No user loses money. That's the good news. The team was clear: this wasn't a hack of their live systems. The current app, SDK, and mainnet programs were never touched. The flaw lived only in retired, years-old code. Raydium also confirmed it's now reviewing all mainnet programs for similar issues.

Why Didn't Anyone Delete the Old Pools?

That's the question every DeFi user should ask. Old smart contracts — self-running programs on the blockchain — don't disappear when a protocol upgrades. They keep running. If funds remain inside, those funds stay vulnerable.

Raydium's active programs use a smarter method called virtual supply for proportion checks. That method also verifies the LP mint correctly. The legacy code didn't do that. That gap cost $1.34 million.

Source:  Wu Blockchain X

How Did RAY Price React?

Surprisingly well. The price didnt get affected by Raydium Hack Today. RAY dropped less than 1% after the news broke and then gained 0.55%. At the time of writing, it trades near $0.5718. The 24-hour volume jumped 67% to $22 million — showing traders paid attention. Market cap sits at $153.82 million. TVL holds at $770 million. Markets clearly believe the damage is contained.

Source: CoinMarketCap

What This Means for Investors and Users

If you use Raydium today, you're not affected. The exploit touched only dead pools with no UI access since 2021. But this incident sends a loud warning across the DeFi market. Old code is a liability. Projects must audit retired contracts — not just active ones.  Raydium acted fast. It disclosed transparently and pledged full repayment. That matters.

Conclusion

Raydium's $1.34M hack hit retired code, not live systems. The treasury covers all losses. RAY price held steady. But the incident proves old, forgotten contracts can still bite — even years after shutdown.

Disclaimer: This article is for informational purposes only. It does not constitute financial advice. Always do your own research before making any investment decisions in cryptocurrency markets.