Raydium DEX’s AMM Program Exploited For $1.34 Million — Here’s What Went Wrong
Raydium (RAY), a decentralized exchange on the Solana (SOL) blockchain, said Wednesday that it had suffered a $1.34 million exploit tied to its retired automated market maker, or AMM, V3 program. Raydium Pools Drained The protocol said the attacker removed about 150,000 RAY, 5,600 SOL, and nearly 900,000 of Circle’s USDC stablecoin from Raydium pools involving RAY-SOL, USDC-RAY, and SRM-RAY. Raydium attributed the compromise to a weakness in how the older AMM V3 handled liquidity provider (LP) mints. The platform said the vulnerability “stemmed from insufficient validation of the LP mints, which in practice allowed the attacker to bypass intended proportion checks. Related Reading: Prediction Markets’ Wild West Days May Be Over: CFTC Drafts Its First Major Framework According to the description of the mechanism, because the legacy AMM V3 program did not properly verify the LP mint address, an attacker was able to create a new mint and use it as the LP token, letting it evade the chec