Raydium Confirms $1.34 Million Exploit: Legacy AMM V3 Contract Drained on Solana
What is the Raydium $1.34 Million Exploit?
Protocol: Raydium (Solana DEX)
Loss Amount: $1.34 million USD
Vulnerability: Legacy AMM V3 Contract Logic Flaw
Date Discovered: June 11, 2026
Raydium, a leading decentralized exchange on Solana, confirmed a critical exploit targeting its legacy Automated Market Maker (AMM) V3 contract. The attacker drained approximately $1.34 million in cryptocurrency through a sophisticated flash loan attack that manipulated price oracles within the liquidity pool.
Key Details:
- Affected Contract: Raydium AMM V3 (Legacy)
- Exploit Type: Flash loan price manipulation
- Stolen Assets: SOL, USDC, RAY tokens
- Contract Status: Paused pending security audit
- Newer Versions: AMM V4 and V5 NOT affected
How Did the Attacker Exploit Raydium?
Attack Vector: Flash loan-based price oracle manipulation
Technical Flaw: Insufficient validation of price feed updates
Execution Time: Single transaction block
The exploit leveraged a critical vulnerability in how the legacy AMM V3 contract calculated asset prices during large trades:
Stage 1: Flash Loan Acquisition
- Borrowed Capital: Attacker obtained ~$5M flash loan from Solend
- No Collateral: Flash loans require repayment within same transaction
- Purpose: Create artificial price imbalance in liquidity pool
Stage 2: Price Oracle Manipulation
- Massive Sell Order: Dumped borrowed SOL into RAY-SOL pool
- Price Impact: Artificially depressed RAY token price by 87%
- Oracle Lag: V3 contract used stale price data for validation
- Arbitrage Trigger: Exploited price difference between pools
Stage 3: Fund Extraction
- Bought Undervalued Tokens: Purchased RAY at manipulated low price
- Swapped Across Pools: Converted to USDC via other liquidity pools
- Repaid Flash Loan: Returned borrowed funds + fees
- Net Profit: Kept $1.34M as "profit" from manipulation
When Did This Happen and What's the Response?
Exploit Time: June 11, 2026 @ 03:47 UTC
Discovery: June 11, 2026 @ 04:12 UTC (25 minutes later)
Contract Paused: June 11, 2026 @ 04:35 UTC
Public Announcement: June 11, 2026 @ 06:00 UTC
Raydium's monitoring systems detected anomalous trading volume and immediately paused the affected contract. The team is working with blockchain forensics firms to trace the stolen funds.
Timeline:
- 03:47 UTC: Exploit transaction executed on-chain
- 04:12 UTC: Raydium security team alerted by monitoring bots
- 04:35 UTC: Legacy AMM V3 contract paused
- 05:00 UTC: Blockchain analysts confirm $1.34M loss
- 06:00 UTC: Public disclosure via Twitter/X
- 08:00 UTC: Security audit firm engaged (OtterSec)
Current Status: Funds traced to Tornado Cash mixer; recovery efforts ongoing
Frequently Asked Questions
Is my Raydium liquidity pool safe?
If you provided liquidity to AMM V3 (Legacy), the pause prevents further exploits, but existing losses stand. AMM V4 and V5 pools are NOT affected. Check the Raydium dashboard for your pool version. V3 LP token holders may qualify for compensation from team recovery efforts.
How can flash loans be used legally?
Flash loans are legitimate DeFi tools for arbitrage, collateral swaps, and self-liquidation. The exploit wasn't the flash loan itself, but how it manipulated price oracles. Proper oracle design (time-weighted average prices, multiple sources) prevents this attack vector.
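The time-weighted average price check named above, as an added sketch in Rust (not Raydium's code): a price moved inside one transaction has held for zero seconds, so it carries no weight in the average and fails a deviation check against it. The observation values, the 5% tolerance and all function names are constructed for illustration.

```rust
/// One price observation: (unix time in seconds, pool price). Hypothetical type.
type Obs = (u64, f64);

/// Time-weighted average price over `window` seconds ending at `now`.
/// Each observation is weighted by how long it remained the latest price.
fn twap(obs: &[Obs], now: u64, window: u64) -> Option<f64> {
    let start = now.saturating_sub(window);
    let (mut weighted, mut total) = (0.0, 0u64);
    for (i, &(t, p)) in obs.iter().enumerate() {
        let end = obs.get(i + 1).map_or(now, |n| n.0).min(now);
        let begin = t.max(start);
        if end > begin {
            weighted += p * (end - begin) as f64;
            total += end - begin;
        }
    }
    if total == 0 { None } else { Some(weighted / total as f64) }
}

/// Spot price of the base token in a constant-product pool.
fn spot(base_reserve: f64, quote_reserve: f64) -> f64 {
    quote_reserve / base_reserve
}

/// Accept a price only if it lies within `max_dev` (a fraction) of the TWAP.
fn price_ok(spot_price: f64, twap_price: f64, max_dev: f64) -> bool {
    ((spot_price - twap_price) / twap_price).abs() <= max_dev
}

fn main() {
    // Constructed history: stable for 10 minutes, then a single-transaction move at t=600.
    let mut obs: Vec<Obs> = vec![(0, 0.0100), (200, 0.0102), (400, 0.0099)];
    let manipulated = spot(1_000_000.0, 1_300.0); // 0.0013, about 87% below 0.0100
    obs.push((600, manipulated));
    let avg = twap(&obs, 600, 600).unwrap();
    let ok = price_ok(manipulated, avg, 0.05);
    println!("spot={manipulated:.4} twap={avg:.4} accepted={ok}");
    // Even if the skewed price persisted for 12 seconds, the average barely moves.
    println!("twap 12s later={:.4}", twap(&obs, 612, 600).unwrap());
}
```

A production oracle would also cross-check an independent price source and handle an empty or too-short observation window as a hard failure rather than falling back to spot.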
Will Raydium compensate victims?
Raydium announced a bug bounty program and is pursuing fund recovery. Typical recovery rate: 20-60% if funds are traced before mixing. The team is considering a treasury allocation for remaining losses. A formal compensation plan is expected within 7 days.
Does this affect other Solana DEXes?
Orca, Jupiter, and Serum use different oracle mechanisms and are NOT vulnerable to this specific exploit. However, any protocol using single-source price feeds with lag tolerance should audit their contracts. This is a known vulnerability class in DeFi.
What lessons does this teach DeFi users?
Risk Mitigation: (1) Use newer contract versions when available, (2) Diversify across protocols, (3) Monitor protocol security announcements, (4) Understand that "legacy" contracts may have unpatched vulnerabilities, (5) Consider insurance protocols like Nexus Mutual for large positions.











