An attacker exploited a legacy <button class="define-target" id="smart-contract">smart contract</button> that had been used by the Raydium Solana <button class="define-target" id="dex">DEX</button> before it was deprecated in 2021. Though the contract was unused, there were still funds in the <button class="define-target" id="liquidity-pool">liquidity pools</button> affected by the vulnerable contract. Using fake LP tokens, the exploiter was able to trick an old smart contract with insufficient validation into allowing them to withdraw assets.<p>Raydium has said it will compensate users who lost funds in the exploit.</p>

"Raydium Confirms $1.34M Drain on Deprecated AMM V3, Pledges Treasury Compensation"

Web3 is Going Just Great

Raydium users lose $1.34 million after legacy smart contract exploited