Raydium core contributor: Full compensation for stolen assets will be provided; current mainnet programs remain unaffected

Odaily Odaily reported that InfraRAY, a core contributor to Raydium, posted on platform X stating that the team has confirmed an attack on the old AMM V3 program, which was discontinued in 2021. The attacker unauthorizedly removed some liquidity, but this incident does not affect current Raydium users. Since being deactivated, the affected liquidity pools could no longer be interacted with through the official Raydium UI, and the Raydium SDK and DApp also do not support operations on old AMM V3 pools on the mainnet.

The five affected liquidity pools include: Sollet USDT-RAY, Sollet ETH-RAY, SRM-RAY, USDC-RAY, and RAY-SOL. Preliminary statistics show that the stolen assets include approximately 150,177 RAY, 5,603 SOL, and 893,700 USDC, with a total value of about $1.34 million. The related losses will be fully compensated from the treasury.

Investigations show that the vulnerability stemmed from insufficient verification of LP token minting addresses. The attacker bypassed the protocol's proportion verification mechanism by creating new LP tokens and impersonating legitimate LP tokens, thereby extracting funds. However, this incident was an isolated logical vulnerability, not caused by a private key leak or permission breach, and there is no risk of spread. Currently, all active Raydium mainnet programs remain unaffected.