The decentralized exchange Raydium reported an attack on the liquidity pool of the outdated program Legacy AMM V3, as a result of which hackers stole assets worth $1.34 million. The attacker removed about 150,000 RAY, 5,600 SOL and nearly 900,000 USDC from several pools, including Sollet USDT-RAY, Sollet ETH-RAY, RAY-SOL, USDC-RAY and SRM-RAY.

The developers linked the vulnerability to insufficient validation of the liquidity token release, which allowed the attacker to bypass the proportion check by creating a new coin and using it as an LP token. The team highlighted that AMM V3 was decommissioned as early as 2021, and access to it via the interface is closed, so core users and active pools (using the virtual offer mechanism) are not affected. Raydium is conducting an additional safety audit and has promised to compensate the losses suffered from the project treasury.

According to PeckShieldAlert analysts, the hacker has already started laundering funds: stolen assets were removed from the Solana network into Ethereum and sent to cryptographers. The incident occurred shortly after a major attack on 8 June, when unidentified individuals compromised the Humanity Protocol project’s wallets, causing about $31 million in damage.