Raydium DEX’s AMM Program Exploited For $1.34 Million — Here’s What Went Wrong

Reason to trust Strict editorial policy that focuses on accuracy, relevance, and impartiality Created by industry experts and meticulously reviewed The highest standards in reporting and publishing How Our News is Made Strict editorial policy that focuses on accuracy, relevance, and impartiality Ad discliamer Morbi pretium leo et nisl aliquam mollis. Quisque arcu lorem, ultricies quis pellentesque nec, ullamcorper eu odio. Raydium (RAY), a decentralized exchange on the Solana (SOL) blockchain, said Wednesday that it had suffered a $1.34 million exploit tied to its retired automated market maker, or AMM, V3 program.  Raydium Pools Drained 

The protocol said the attacker removed about 150,000 RAY, 5,600 SOL, and nearly 900,000 of Circle’s USDC stablecoin from Raydium pools involving RAY-SOL, USDC-RAY, and SRM-RAY.

Raydium attributedthe compromise to a weakness in how the older AMM V3 handled liquidity provider (LP) mints. The platform said the vulnerability “stemmed from insufficient validation of the LP mints, which in practice allowed the attacker to bypass intended proportion checks. Related Reading Prediction Markets’ Wild West Days May Be Over: CFTC Drafts Its First Major Framework 6 hours ago

According to the description of the mechanism, because the legacy AMM V3 program did not properly verify the LP mint address, an attacker was able to create a new mint and use it as the LP token, letting it evade the checks that were supposed to control how assets could be accounted for in the Raydium pools.

The exchange emphasized that the affected AMM V3 program was no longer available through Raydium’s interface, explaining that the legacy AMM V3 program was phased out in 2021 and was effectively unreachable via Raydium’s current user tools.  Funds Traced Across Two Blockchains

Details on the alleged laundering trail were provided by PeckShield, which described how the attacker’s funds were initially funded via KuCoin and then bridged from Solana to Ethereum (ETH).  Related Reading Treasury Stablecoin Proposal Draws Major Warning From Hyperliquid Policy Center–Here’s Why 1 day ago

PeckShield saidthat 810 ETH had already been sent to Tornado Cash, and that 7 ETH had been moved to FixedFloat, framing both moves as part of an active effort to launder the Raydium funds. 

In Raydium’s own breakdown of the exploit, the firm reiterated that its current programs were unaffected by the incident, and said it is in the middle of security review work on all mainnet programs by Raydium core contributors. The 1-D chart shows RAY’s price attempting to consolidate above the $0.57 mark. Source: RAYUSDT on TradingView.com

Featured image created with OpenArt; chart from TradingView.com