Raydium's previous AMM version attacked! 1.34 million dollars stolen, Solana DEX to compensate in full

The old AMM V3 of Raydium, Solana's largest DEX protocol, was attacked: approximately 1.34 million USD in liquidity was removed and 5 pools were damaged. The Raydium core team confirms there is no diffusion risk and that the treasury will fully compensate.
(Background: Comprehensive Analysis of the Current Situation of Solana's Largest DEX Raydium)
(Additional Context: Raydium Trading Volume Surpasses Uniswap for Two Consecutive Months)

InfraRAY, a key contributor to the decentralized lending protocol Raydium, announced on Wednesday that the old AMM V3 of Solana's largest DEX protocol was attacked, with about 1.34 million USD in liquidity drained. Since the pools were decommissioned in 2021, no new price discovery has occurred.

Attack Process: LP Token Impersonation

The five affected pools, disclosed by InfraRAY on the X platform, are Sollet USDT-RAY, Sollet ETH-RAY, SRM-RAY, USDC-RAY, and RAY-SOL.

Initial estimates show the total stolen assets are:

  • 150,177 RAY tokens
  • 5,603 SOL tokens
  • 893,700 USDC tokens

Together, these amount to approximately 1.34 million USD. Raydium's treasury will fully compensate for the losses, without affecting token prices for any token holders.

Cause of the Vulnerability: Insufficient Verification of LP Token Minting Address

The investigation points to a logic bug: AMM V3 did not strictly verify the minting address when validating LP tokens. Attackers only needed to create a new set of LP tokens that impersonated the legitimate LP tokens, which bypassed the protocol's ratio verification mechanism and allowed them to extract assets from the pools.

InfraRAY stated that this incident is an isolated logic bug, not caused by private key leaks or permission breaches, and that there is no diffusion risk. Currently, all active Raydium mainnet programs are unaffected.
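The class of check this section describes can be shown with a simplified model. This is an added example, not Raydium's code or anything from InfraRAY's disclosure: the types, field names, functions and all values are hypothetical, and it assumes the pool records its LP mint address and supply at creation.

```rust
// Simplified model, not Raydium's code: all types, fields and names are hypothetical.
type Pubkey = [u8; 32];

// Pool state written at pool creation; trusted.
struct Pool { lp_mint: Pubkey, lp_supply: u64, reserve_a: u64, reserve_b: u64 }

// Accounts passed in by the caller; every field is untrusted until checked.
struct Mint { address: Pubkey, supply: u64 }
struct TokenAccount { mint: Pubkey, amount: u64 }

#[derive(Debug, PartialEq)]
enum WithdrawError { MintMismatch, SupplyMismatch, InsufficientBalance }

// Pro-rata share of both reserves for `burn` LP tokens out of `supply`.
fn pro_rata(pool: &Pool, burn: u64, supply: u64) -> (u64, u64) {
    if supply == 0 { return (0, 0); }
    let share = |r: u64| (r as u128 * burn as u128 / supply as u128) as u64;
    (share(pool.reserve_a), share(pool.reserve_b))
}

// Weak form: the mint and token account only have to agree with each other,
// so the ratio is computed from a supply the caller controls.
fn withdraw_weak(pool: &Pool, mint: &Mint, acct: &TokenAccount, burn: u64)
    -> Result<(u64, u64), WithdrawError> {
    if acct.mint != mint.address { return Err(WithdrawError::MintMismatch); }
    if acct.amount < burn { return Err(WithdrawError::InsufficientBalance); }
    Ok(pro_rata(pool, burn, mint.supply))
}

// Hardened form: both accounts are pinned to the mint recorded in pool state,
// and the ratio uses the pool's own supply figure.
fn withdraw_checked(pool: &Pool, mint: &Mint, acct: &TokenAccount, burn: u64)
    -> Result<(u64, u64), WithdrawError> {
    if mint.address != pool.lp_mint || acct.mint != pool.lp_mint {
        return Err(WithdrawError::MintMismatch);
    }
    if mint.supply != pool.lp_supply { return Err(WithdrawError::SupplyMismatch); }
    if acct.amount < burn { return Err(WithdrawError::InsufficientBalance); }
    Ok(pro_rata(pool, burn, pool.lp_supply))
}

fn main() {
    // Constructed values: a pool, and a lookalike mint supplied by the caller.
    let pool = Pool { lp_mint: [1; 32], lp_supply: 1_000, reserve_a: 500_000, reserve_b: 2_000 };
    let fake = Mint { address: [9; 32], supply: 10 };
    let acct = TokenAccount { mint: [9; 32], amount: 10 };
    println!("weak:    {:?}", withdraw_weak(&pool, &fake, &acct, 10));
    println!("checked: {:?}", withdraw_checked(&pool, &fake, &acct, 10));
}
```

In an on-chain Solana program the same pinning would normally be paired with a check that each account is owned by the expected token program.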

Raydium's Position in the Solana Ecosystem

Raydium is Solana's largest Automated Market Maker (AMM) protocol, and its trading volume in 2024 has surpassed Ethereum's Uniswap for two consecutive months. Although this attack targeted an old version of the protocol that ceased service in 2021, it also serves as a reminder to DeFi users: even if the protocol itself functions normally, logical bugs in early versions of smart contracts can be caught early by on-chain investigators.

On June 10, on the X platform, on-chain investigator Specter issued a security warning indicating that an old Raydium liquidity pool was suspected to have been attacked. Less than 12 hours later, the Raydium core contributors confirmed the details of the incident.
