Raydium confirmed that its deprecated Legacy AMM V3 program was exploited for approximately $1.34 million after an LP mint validation flaw allowed an attacker to bypass proportion checks. The vulnerability was specific to inactive Legacy AMM V3 pools and did not touch the project's current mainnet programs, SDK, or DApp.
Why it matters
The exploit highlights a persistent risk in DeFi: deprecated or legacy smart contract code that remains on-chain can still carry exploitable surface area even when no longer actively used. Raydium is one of Solana's largest AMMs by volume, and any security incident on the protocol draws scrutiny across the broader Solana DeFi ecosystem. The fact that the flaw resided in a legacy program rather than the live codebase limits the blast radius, but the $1.34M loss is real and the attacker's ability to bypass proportion checks points to a gap in the deprecation and access-control process.
Market impact
Raydium has committed to fully compensating affected liquidity providers, which should contain immediate reputational damage. The project is now conducting a security review of all mainnet programs — a signal that the team is treating this as a broader audit trigger rather than an isolated incident. Traders and LPs active on Raydium should monitor official channels for the review's findings before adding new liquidity positions.
Frequently asked questions
- Are active Raydium liquidity positions at risk from this exploit?
  No. Raydium confirmed only inactive Legacy AMM V3 pools were affected. Current mainnet programs, the SDK, and the DApp remain unaffected, so active LP positions on live contracts were not exposed.
- Will affected liquidity providers be reimbursed for the $1.34M loss?
  Yes. Raydium has committed to fully compensating all affected users and is conducting a security review of all mainnet programs to prevent similar incidents.
- What was the technical flaw that enabled the Raydium exploit?
  An LP mint validation flaw in the deprecated Legacy AMM V3 program allowed the attacker to bypass proportion checks, draining approximately $1.34 million from inactive pools.
WuBlockchain