Raydium Legacy Pools Drained For $1.34M As Deprecated Code Stays Live

A logic flaw in Raydium’s legacy AMM V3 program drained roughly $1.34 million from five deprecated Solana liquidity pools, putting forgotten DeFi infrastructure back under security scrutiny.

The affected pools were Sollet USDT-RAY, Sollet ETH-RAY, SRM-RAY, USDC-RAY and RAY-SOL. The assets taken included about 893,700 USDC, 150,177 RAY and 5,603 SOL. The pools had already been phased out and were no longer part of Raydium’s current app interface or active liquidity stack, but the contracts still held live assets onchain.

No current Raydium programs or active users were affected. That distinction keeps the incident contained, but it does not make the exploit harmless. The loss shows how old liquidity pools can remain financially dangerous long after a protocol’s user interface, SDKs and main product routes move elsewhere.

Logic Error Allowed A Fake LP Mint

The exploit centered on liquidity provider mint validation. The attacker created a fraudulent LP mint and used it to bypass the checks that should have blocked unauthorized withdrawals from the old pools.

That made the bug different from a normal phishing event or private-key compromise. The attack path came from program logic that still mattered because assets were still locked inside deprecated contracts. Once the checks failed, the attacker could drain liquidity that had been left behind in pools tied to older Solana DeFi infrastructure.

The stolen assets were later moved through cross-chain routes and sent through Tornado Cash, complicating public tracing. The use of a mixer does not change the core technical issue: inactive or deprecated DeFi code can still become an attack surface when live value remains inside it.

Raydium Treasury Will Cover The Loss

Raydium plans to compensate affected users from its treasury and review all mainnet code for safety. The compensation plan should prevent users with residual funds in the drained pools from taking the direct financial hit.

The wider issue is operational cleanup. Raydium’s current documentation already separates older pool generations from newer recommended routes, including CPMM and CLMM infrastructure in its versions and migration guidance. The exploit shows why that kind of migration process also needs a hard look at residual balances, inactive pools, old permissions and contracts that remain callable even after they disappear from the main interface.

DeFi users often assume that a deprecated pool is effectively dead once it is removed from a frontend. Onchain systems do not work that way. A contract can be invisible to most users and still hold assets, accept instructions or contain logic that attackers can reach directly.

Forgotten DeFi Code Remains A Live Risk

The Raydium drain adds to a string of 2026 incidents where the dollar loss was not the only point. The Token of Power pool drain also showed how a liquidity pool can become the main target, while Syscoin’s paused bridge recovery processhighlighted the importance of isolating affected infrastructure without overstating damage to the base network.

Raydium’s incident is smaller than the largest DeFi hacks this year, but its lesson is sharp. Deprecated contracts are not harmless archives when they still hold funds. Protocol teams need migration paths, balance sweeps, warning systems, monitoring and final shutdown plans that match the reality of permissionless code.

The immediate damage is expected to be covered. The deeper test is whether Raydium’s full mainnet review removes other stale attack surfaces before old liquidity turns into another live exploit path.

The post Raydium Legacy Pools Drained For $1.34M As Deprecated Code Stays Live appeared first on Crypto Adventure.