Raydium claims the exploit was a trojan attack, though they've provided no further evidence to substantiate this. According to Raydium, a trojan allowed an attacker to compromise the private key belonging to the pool owner account. With control over the private key, the attacker was able to withdraw a mix of assets from the pools. The attacker bridged at least $2 million to Ethereum and tumbled it through Tornado Cash; another $1.5 million remained on the Solana chain, where some projects began freezing assets.
Raydium has offered a 10% "bug bounty" to the hacker if they return the stolen funds.