On-Chain Investigator Warns of Attack on Raydium's Old Liquidity Pool
On-chain investigator Specter issued a security warning that an old liquidity pool of the Solana DeFi protocol Raydium is suspected to have been attacked.
The attacker stole approximately $1.34 million in assets, mainly USDC, RAY, and wSOL, then transferred the funds to Ethereum via a cross-chain bridge and deposited them into Tornado Cash for mixing.
In terms of market mechanisms, the hacker exploited the weak security configuration of the old pool to cash out quickly and hide their traces, with funds flowing from the Raydium LP to the attacker's anonymous wallet. The beneficiaries are skilled hackers executing governance or flash loan attacks, while the affected parties are Raydium users and Solana DeFi liquidity providers, whose trust is damaged.
Source: Public Information
ABAB AI Insight
Raydium, previously a major AMM on Solana, has faced multiple security risks because several old pools were not migrated or updated in time. This attack follows the common exploitation path for old DeFi contracts, and the attacker likely extracted the funds through historical governance permissions or contract logic flaws.
In terms of capital flow, the hacker used cross-chain bridges and the Tornado Cash privacy tool, converting a low-cost entry into a real profit of $1.34 million. The incident exposes weaknesses in the lifecycle management of pools within the Solana ecosystem, prompting protocol teams and security funds to increase audits and fund migrations for legacy contracts.
The incident resembles previous attacks on multiple old pools on Solana and Ethereum that were caused by outdated parameters. Raydium is currently in a control phase, transitioning from rapid expansion to strengthening existing security, which highlights the importance of long-term maintenance costs for DeFi protocols.
Essentially, this reflects a shift in technology and regulation: attacks on old liquidity pools directly exploit historical contract vulnerabilities and move the proceeds out through cross-chain and mixing paths. This accelerates the concentration of DeFi funds away from weakly secured legacy pools and into highly audited new protocols, reshaping the structure of liquidity and security trust in the Solana ecosystem.
ABAB News · Cognitive Law
The longer the old pool remains unmigrated, the larger the attack window.
The more convenient the privacy mixing, the more concealed the hacker's exit.
The faster the protocol grows, the more fatal the existing security becomes.