L'essentiel
- Solana-based decentralized exchange Raydium experienced a $1.34 million exploit affecting five deprecated liquidity pools from an older automated market maker program.
- The attacker stole USDC, SOL, and RAY tokens, but current users were unaffected.
- This incident adds to a growing list of DeFi exploits.
Résumé généré par IA
Pourquoi c'est important
Solana-based decentralized exchange Raydium was exploited for over $1.34 million on Wednesday, affecting five deprecated liquidity pools from an older version of its automated market maker program. The exploit impacted SOL, USDC, and RAY tokens.
In brief
Solana DEX Raydium was hit with a $1.3 million exploit on Wednesday.
The exploit affected five deprecated liquidity pools from an older version of its automated market maker program.
The incident joins a growing list of DeFi exploits and the discovery of major vulnerabilities, some fueled with AI tools.
Five deprecated liquidity pools from Solana-based decentralized exchange Raydium were exploited on Wednesday, leading to more than $1.34 million in stolen funds.
The exploit impacted the firm’s legacy automated market maker program and led to the loss of Solana (SOL), as well as dollar-backed stablecoin USDC and the exchange’s native token, RAY.
“No current users of Raydium are affected by this exploit or would have been able to interact with these pools through the UI since their deprecation,” posted pseudonymous Raydium contributor 0xInfra on X.
The exploiter, who has a Solana address ending in “Bq33QVk,” was able to bypass validation logic in the deprecated program and mint new liquidity provider tokens. In total, the attacker made off with nearly $900,000 in USDC, approximately $357,000 in SOL, and $86,000 worth of RAY. It will be repaid using the firm's treasury.
The firm’s existing mainnet programs prevent this type of vulnerability, according to 0xInfra, who highlighted that this was not due to a “a key compromise or authority-level issue.”
The exploit extends a growing list of recent vulnerabilities discovered in crypto networks and decentralized finance (DeFi) protocols of late.
In April, KelpDAO and Solana-based Drift Protocol each suffered exploits that affected just shy of $300 million in funds, respectively.
Last week, privacy network Zcash saw its native token crash more than 40% in 24 hours after developers disclosed that a security researcher used a frontier AI model to discover a four-year-old vulnerability that affected one of its privacy pools.
Although there is no evidence yet that AI was used in the Raydium exploit, analysts told Decrypt in May that AI is transforming exploit discovery by “automating what skilled auditors do.”
Furthermore, the exploit took place just one day after private AI firm Anthropic released an upgraded version of Mythos, its cybersecurity-focused that it claims has “unprecedented cybersecurity capabilities.” Anthropic also released a neutered, publicly available version called Claude Fable 5, which has drawn criticism for how much it has been hobbled.
Amid the incident, Raydium’s native token is down around 2% in the last 24 hours, recently changing hands at $0.567. The token has fallen around 13% in the last week of trading amid a broader market rout, and is now 96.6% off its all-time high of $16.83.
À surveiller
Perspective IA — des possibilités, pas des certitudes
Raydium will repay the stolen funds from its treasury.
Très probable · Court terme
Further scrutiny of legacy DeFi programs and automated market maker logic.
Probable · Court terme
Increased discussion and development around AI's role in cybersecurity exploits.
Très probable · Moyen terme
Questions ouvertes
- Will the stolen funds be recovered?
- What specific security flaws allowed the bypass of validation logic?
- What measures will Raydium implement to prevent future exploits of legacy programs?
- What is the long-term impact on investor confidence in Raydium and Solana's DeFi ecosystem?
