SciPHRSciPHR/ Learn sciphr.io ↗

Raydium's retired liquidity pools.

2026-06-13

On June 10, an attacker drained about $1.34 million from five Raydium pools on Solana that had sat inactive since 2021. Raydium's app no longer touches them, but the old contracts were still live on-chain.

A liquidity pool holds two assets people trade against. To withdraw your share, you hand back an LP token, a receipt for what you deposited. The retired code checked the receipt's supply but never checked the receipt was real. The attacker minted a fake one and drained the pools.

Code does not retire when a team stops using it. A contract nobody maintains is still one anyone can call, and the assumptions that held in 2021 were never revisited.

Source: https://cryptonews.com/news/raydium-exploit-fake-lp-tokens-deprecated-solana-pools/

← BackAll of Learn
Network: TESTNET ·_