DeFi investors were handed a sharp reminder this week that in the world of blockchain, “decommissioned” does not always mean “gone.” On June 10, 2026, the popular Solana-based decentralized exchange Raydium fell victim to a sophisticated exploit that drained approximately $1.34 million from its ecosystem. While the incident was contained to legacy pools no longer featured on the platform’s main interface, the attack highlights a growing, overlooked danger in decentralized finance: the risk posed by “ghost” smart contracts that remain active on the network long after they have been retired.
By Priya Sharma | June 12, 2026
The Incident: A Targeted Strike on Legacy Code
The attack, which occurred in the early hours of June 10, was not a result of a flaw in the current, active version of Raydium that most users interact with today. Instead, it was a surgical strike against Legacy AMM V3 pools—automated market maker contracts that had been deprecated since 2021. These contracts, effectively functioning like empty, forgotten storage units, still held significant liquidity in assets like USDC, RAY, and wSOL. The vulnerability persisted because while the pools were removed from the official front-end website, the underlying smart contracts were never formally decommissioned or “killed” on the Solana blockchain itself.
Because these pools had long been removed from the official Raydium website and user interface, most investors had moved their funds to newer, updated pools. However, the legacy contracts remained live and interactable for anyone who knew how to call the program directly on-chain. An attacker was able to identify this forgotten liquidity, leverage a logic flaw within the outdated code, and siphon the assets out into their own wallet with relative ease, as these contracts were no longer being actively monitored by the protocol’s security infrastructure. This incident underscores that in the decentralized landscape, visibility on a front-end is not the same as security, and “deprecated” code on a blockchain remains an active, permanent vulnerability unless it is explicitly and permanently neutralized.
Technical Post-Mortem: The ‘Forged LP Token’ Flaw
At the heart of the exploit was a clever “forged LP token attack.” In DeFi, LP (Liquidity Provider) tokens act like a claim ticket at a coat check; they prove how much of a shared pool belongs to you. Normally, a protocol checks that your claim ticket is genuine before letting you withdraw your share.
In the deprecated Raydium V3 contracts, the security checks were insufficiently robust. The attacker essentially “forged” these digital claim tickets. Because the contracts were old and not subject to the same rigorous oversight as modern deployments, they lacked the validation mechanisms required to detect that these tokens were not authentic. By submitting these forged tokens, the attacker tricked the contract into “authorizing” the withdrawal of real, valuable assets. It was equivalent to someone walking into a bank with a fake ID that the bank’s security system was too outdated to flag as fraudulent.
Governance Impact: From Oversight to Compensation
The response from the Raydium team was immediate, if not reactive. Upon discovery of the unauthorized outflows, the team confirmed that the exploit was isolated to the Legacy V3 pools and that all active, current-version liquidity pools remained safe. To address the fallout, the protocol has pledged to tap into its treasury to fully reimburse the affected users—a move designed to maintain user trust in the aftermath of the breach.
This incident is already triggering a shift in governance norms across the industry. Protocols are now under increased pressure to implement “protocol decommissioning” standards. It is no longer enough to simply “hide” old pools from a website; governance proposals are now favoring mandatory migration periods, where old contracts are systematically drained, migrated, and then programmatically disabled to ensure they can never be interacted with again. This shift marks a maturing of the sector, acknowledging that leaving old code live on-chain is akin to leaving a back door unlocked in a house you’ve already moved out of.
Long-Term Prognosis: Why Investors Should Care
The Raydium exploit is part of a larger, alarming trend in DeFi this quarter. Industry reports from CertiK and Chainalysis released this week indicate that Q2 2026 has seen approximately 70 separate exploits resulting in $746 million in stolen funds—nearly doubling the record for losses in a single quarter.
For the regular investor, this serves as a critical lesson in DeFi hygiene. Even if a protocol feels “safe” and reputable, you are still interacting with code that may have been written years ago. If you still have funds tied up in older pools, or if you are interacting with protocols that have undergone multiple version updates, it is time to check your wallet. Are your assets in the most current, audited version of the protocol, or are they sitting in an “old” contract that has been forgotten? As we’ve seen this week, your assets are only as secure as the last line of code that protects them—even if that code was “retired” half a decade ago.
The cryptocurrency market remains highly volatile. This article is for informational purposes only and does not constitute financial advice.
250M into bundled loans from Ethena? this is either the moment DeFi goes mainstream or the setup for a spectacular blowup. no in between
remember when everyone said institutions would never touch DeFi? 250m says otherwise lol
institutions touching DeFi isnt new (see: Celsius, BlockFi). the difference is Ethena is building the infrastructure instead of just custodying. thats what makes this interesting
comparing Ethena to Celsius is wild. one was a centralized lender hiding risk, the other is literally on-chain with auditable collateral. not the same thing at all Marco
the real question is what happens to USDe peg when these bundled loans get stress tested in a crash. 250M sounds great until the collateral ratio dips below 100%
debt_camel nailed it. everyone focuses on the 250M headline and nobody asks what happens to USDe when ETH drops 40% in a week and those loans get margin called
Institutional money flowing into Ethena bundled products at this scale is actually significant. The yield compression across DeFi is real and this targets that gap directly.
bundled loans for institutions while retail gets 2% on stables. cool cool very cool
Ethena going after institutional yield is smart positioning. retail DeFi yields are garbage right now, 2-3% on stables. institutions will pay for structured products that actually work.