Deprecated V3 pools with unpatched vulnerability drained for $12M
An attacker targeted deprecated Raydium Legacy AMM V3 pools that had not been migrated to newer versions. The exploit involved a flash loan attack where the attacker borrowed a large amount of SOL, manipulated the reserves in legacy pools, and then executed swaps that benefited from miscalculated ratios due to the outdated pricing logic. Despite Raydium's warnings to migrate liquidity, significant funds remained in these legacy pools, resulting in a $12 million loss.
The attacker converted stolen SPL tokens to SOL through Jupiter aggregator, then bridged to Ethereum via Wormhole. On Ethereum, funds were swapped for ETH and deposited into Tornado Cash. A portion was sent to centralized exchanges with weak KYC requirements. The rapid movement and use of established privacy protocols made recovery unlikely.