Raydium DEX’s AMM Program Exploited For $1.34 Million — Here’s What Went Wrong

Raydium (RAY), a decentralized exchange on the Solana (SOL) blockchain, said Wednesday that it had suffered a $1.34 million exploit tied to its retired automated market maker, or AMM, V3 program. 

Raydium Pools Drained 

The protocol said the attacker removed about 150,000 RAY, 5,600 SOL, and nearly 900,000 of Circle’s USDC stablecoin from Raydium pools involving RAY-SOL, USDC-RAY, and SRM-RAY.

Raydium attributed the compromise to a weakness in how the older AMM V3 handled liquidity provider (LP) mints. The platform said the vulnerability “stemmed from insufficient validation of the LP mints, which in practice allowed the attacker to bypass intended proportion checks.

According to the description of the mechanism, because the legacy AMM V3 program did not properly verify the LP mint address, an attacker was able to create a new mint and use it as the LP token, letting it evade the checks that were supposed to control how assets could be accounted for in the Raydium pools.

The exchange emphasized that the affected AMM V3 program was no longer available through Raydium’s interface, explaining that the legacy AMM V3 program was phased out in 2021 and was effectively unreachable via Raydium’s current user tools. 

Funds Traced Across Two Blockchains

Details on the alleged laundering trail were provided by PeckShield, which described how the attacker’s funds were initially funded via KuCoin and then bridged from Solana to Ethereum (ETH). 

PeckShield said that 810 ETH had already been sent to Tornado Cash, and that 7 ETH had been moved to FixedFloat, framing both moves as part of an active effort to launder the Raydium funds. 

In Raydium’s own breakdown of the exploit, the firm reiterated that its current programs were unaffected by the incident, and said it is in the middle of security review work on all mainnet programs by Raydium core contributors.

Featured image created with OpenArt; chart from TradingView.com