Raydium core contributor: Will fully compensate stolen assets, current mainnet programs unaffected

Odaily Planet Daily News Raydium Core Contributor InfraRAY posted on platform X, stating that the team has confirmed that the old AMM V3 program, which was discontinued in 2021, was attacked. The attacker unauthorizedly removed some liquidity, but this incident does not affect current Raydium users. Furthermore, the affected liquidity pools could not be interacted with through the official Raydium UI since their deactivation, and the Raydium SDK and DApp also do not support operations for the old AMM V3 pools on the mainnet.

The five affected liquidity pools include: Sollet USDT-RAY, Sollet ETH-RAY, SRM-RAY, USDC-RAY, and RAY-SOL. Preliminary statistics show that the stolen assets include approximately 150,177 RAY, 5,603 SOL, and 893,700 USDC, with a total value of approximately $1.34 million. The related losses will be fully compensated by the treasury.

Investigation indicates that the vulnerability stemmed from insufficient verification of the LP token minting address. The attacker bypassed the protocol's proportional verification mechanism by creating new LP tokens and impersonating legitimate LP tokens, thereby extracting funds. However, this incident is due to an independent logic vulnerability, not a private key leak or permission breach, and there is no risk of spread. Currently, all existing Raydium mainnet programs remain unaffected.