Raydium core contributors: We will fully compensate for stolen assets; the current mainnet program is unaffected.

According to Mars Finance, Raydium core contributor InfraRAY posted on the X platform that the team has confirmed an attack on the old version of the AMM V3 program, which was discontinued in 2021. The attackers removed some liquidity without authorization. However, this incident does not affect current Raydium users, and the relevant pools have been inaccessible through the official Raydium UI since their discontinuation. The Raydium SDK and DApps also do not support operations on the old version of the AMM V3 pools on the mainnet. The five affected pools are: Sollet USDT-RAY, Sollet ETH-RAY, SRM-RAY, USDC-RAY, and RAY-SOL. Preliminary statistics show that approximately 150,177 RAY, 5,603 SOL, and 893,700 USDC were stolen, with a total value of approximately $1.34 million. The losses will be fully compensated by the treasury. The investigation indicates that the vulnerability stemmed from insufficient verification of the LP token minting address. Attackers bypassed the protocol's proportional verification mechanism by creating new LP tokens and impersonating legitimate LP tokens, thereby withdrawing funds. However, this incident is an independent logical vulnerability, not caused by private key leakage or privilege breach, and therefore poses no risk of further spread. Currently, all existing Raydium mainnet programs are unaffected.