Well, I say, old bean, it appears we’ve got a bit of a kerfuffle in the world of DeFi, what? Some bounder, no doubt with a penchant for mischief and a head full of schemes, has managed to pilfer a cool $1.34 million from Raydium’s Solana AMM. Dash it all, the chap didn’t even need to nick any private keys-he simply waltzed in, spotted a verification flaw in their legacy smart contracts, and bob’s your uncle, he’s off with the loot.
According to the eggheads at GoPlus Security, this blighter concocted a custom SPL token and jiggled about with the liquidity withdrawal process. Before you could say “Jeeves, fetch my monocle,” he’d drained several inactive pools and scarpered off to other blockchain networks. Jolly clever, if a bit underhanded, eh?
🧵1/4
⚠️ Vulnerability Analysis: Analysis of the #Raydium ExploitOn June 10, @Raydium’s legacy liquidity pool on Solana was exploited, resulting in a loss of approximately $1.3 million.
Attack Mechanism Analysis:
The attacker created a custom SPL Token, then manipulated the…
– GoPlus Security 🚦 (@GoPlusSecurity) June 11, 2026
Now, the weakest link in this chain, it seems, was the old contracts. GoPlus chaps reckon the exploit stemmed from a spot of inadequate validation of liquidity provider (LP) tokens. The scoundrel whipped up some counterfeit LP tokens, bypassed the verification checks, and helped himself to the goodies. After that, he bridged the assets from Solana to Ethereum via deBridge, swapped them for Ether, and popped them into Tornado Cash for a spot of anonymity. Dash it, the fellow’s got more moves than a ballroom dancer!
Raydium, bless their hearts, were quick to point out that the attack was limited to five deprecated liquidity pools-old trading pairs involving RAY, SOL, USDC, USDT, ETH, and SRM. No active users were affected, they assure us, as these pools had been retired years ago. Still, it’s a bit of a black eye, what?
The security lessons here are as clear as a gin and tonic on a summer’s day: old smart contracts, even if retired, can still be a liability. Master of Crypto, that sage of the crypto world, chimed in on X, reminding everyone that dormant code can remain vulnerable long after it’s been forgotten. “The ghost pools got drained,” he quipped. Quite the wit, that fellow.
The ghost pools got drained.
Raydium lost $1.34 million today.
But the attack was not on its main exchange.
The attacker targeted 5 old liquidity pools that were stopped in 2021 but were never fully turned off.
These contracts stayed onchain for more than 3 years without…
– Master of Crypto (@MasterCryptoHq) June 11, 2026
Despite this little hiccup, Raydium remains a heavyweight in the Solana DeFi scene, with a tidy $795.5 million in total value locked and $4.42 billion in trading volume over the past month. Still, this exploit joins a growing list of security incidents in the sector, a reminder that even the most seasoned projects can’t afford to rest on their laurels.
So, what’s the takeaway, old sport? Keep your contracts shipshape, retire them properly, and for heaven’s sake, don’t let them linger like a forgotten aunt at a family gathering. Otherwise, some bounder with a knack for mischief might just come along and spoil the party. Cheerio!
Read More
- Gold Rate Forecast
- Green Game Jam returns with 70 games teaming up to tackle the climate crisis
- USD HKD PREDICTION
- EUR CNY PREDICTION
- USD TRY PREDICTION
- SUI PREDICTION. SUI cryptocurrency
- USD BRL PREDICTION
- Seven Snipers Review: A Sharpshooter Action Movie That Misses More Than It Hits
- USD CHF PREDICTION
- 7 Classic Free Animated Shows Hidden Deep on Streaming
2026-06-11 15:48