Raydium Loses $1.34M to Exploit on Retired AMM Pools, Treasury to Cover Losses
Solana's largest DEX confirmed the breach on June 10, 2026. Five inactive liquidity pools were drained despite the underlying program being out of active use.
Raydium, the leading decentralized exchange on the Solana blockchain, announced on June 10, 2026 that attackers drained $1.34 million from five liquidity pools connected to a retired version of its automated market maker (AMM) program, according to reporting by The Block. The protocol said its treasury will cover all losses for affected users, repeating a compensation approach it used after a larger breach in December 2022.
The affected pools were inactive, meaning they were no longer the primary venues for trading or liquidity provision on the platform. Despite that status, they apparently retained live on-chain permissions that the attacker was able to exploit. Based on available reporting, the exact method has not been publicly detailed, and further details were not confirmed at time of publication.
What "Retired" Actually Means on Solana
The incident exposes a structural risk specific to how Solana handles smart contract programs. On Solana, every deployed program has an upgrade authority: a cryptographic key that controls whether the program can be modified or updated. If that key is not explicitly revoked or transferred to an unspendable address when a program is decommissioned, the program remains a viable target. Solana's upgrade authority model places control in a single key, a design that differs from Ethereum's EVM approach and concentrates risk accordingly. A retired pool, in practice, is not a safe pool unless the authority over it has been formally zeroed out.
Security researchers have flagged this pattern before. A 2025 guide published by audit firm Cantina noted that "a compromised upgrade key enables hostile code replacement despite sound program logic." Separately, Nadcab Labs warned in 2026 that residual state across contract upgrades or reinitializations may be manipulated for unauthorized changes if not properly zeroed or validated, a risk that particularly affects deprecated or inactive programs.
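An added example, not from Raydium or the original reporting: a lifecycle check for the upgrade authority described above, which decodes a program's ProgramData account and flags retired programs whose authority is still set. The byte layout is assumed from Solana's upgradeable BPF loader; the program names, key and account bytes are constructed, and the check does not model the undisclosed method of the June 2026 drain.

```python
import struct

# Layout assumed from the upgradeable BPF loader's UpgradeableLoaderState
# (bincode): u32 LE variant tag, then the variant's fields.
TAG_PROGRAMDATA = 3        # ProgramData { slot: u64, upgrade_authority: Option<Pubkey> }
PROGRAMDATA_HEADER = 45    # 4 tag + 8 slot + 1 option flag + 32 key; ELF follows

def upgrade_authority(data: bytes):
    """Return the 32-byte upgrade authority of a ProgramData account, or None if revoked."""
    if len(data) < PROGRAMDATA_HEADER:
        raise ValueError("too short to be a ProgramData account")
    tag, _slot, flag = struct.unpack_from("<IQB", data, 0)
    if tag != TAG_PROGRAMDATA:
        raise ValueError(f"not a ProgramData account (tag {tag})")
    if flag == 0:
        return None                      # authority removed: program is immutable
    if flag != 1:
        raise ValueError(f"corrupt Option flag {flag}")
    return data[13:PROGRAMDATA_HEADER]

def audit_retired(accounts: dict) -> list:
    """List (name, detail) for retired programs that are upgradeable or unverifiable."""
    findings = []
    for name, data in accounts.items():
        try:
            key = upgrade_authority(data)
        except ValueError as exc:
            findings.append((name, f"unparseable: {exc}"))   # fail closed
            continue
        if key is not None:
            findings.append((name, key.hex()))
    return findings

def _sample(slot: int, key) -> bytes:
    """Build constructed ProgramData bytes for the demo (not real chain data)."""
    option = b"\x01" + key if key else b"\x00" + bytes(32)
    return struct.pack("<IQ", TAG_PROGRAMDATA, slot) + option + b"\x7fELF"

# Hypothetical program names and a constructed key; no real addresses.
SAMPLE = {
    "retired-program-finalized": _sample(100, None),
    "retired-program-live-key": _sample(200, bytes([0xAB]) * 32),
    "retired-program-truncated": struct.pack("<I", TAG_PROGRAMDATA),
}

if __name__ == "__main__":
    for name, detail in audit_retired(SAMPLE):
        print(f"{name}: {detail}")
```

Against a live cluster, the bytes would come from an RPC getAccountInfo call on each program's ProgramData address instead of the constructed samples.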
A Smaller Incident With a Familiar Playbook
At $1.34 million, this breach is considerably smaller than Raydium's 2022 incident, which cost the protocol between $4.4 million and $5.5 million after a trojan compromised the private key of an admin wallet with fee-withdrawal permissions. That attacker called a single protocol instruction to drain funds from multiple pools without depositing corresponding liquidity tokens.
After the 2022 incident, Raydium moved admin permissions to a multisig wallet (a setup requiring multiple approvals before any action is taken), launched a claim portal for affected users, and allocated over 2.7 million RAY tokens toward restitution. Liquidity providers in RAY-paired pools received 100% of their principal back; non-RAY liquidity providers received 90% of their original tokens plus 30% of the remaining 10% in RAY. That distinction matters for understanding what full restitution may mean for affected users in June 2026. The protocol now appears to be applying the same framework to June's losses.
Raydium's treasury draws from a 12% fee allocation across all pool tiers that continuously buys back RAY from the open market. The protocol has repurchased roughly 38 million RAY tokens worth approximately $52 million in cumulative value. That reserve serves as the backstop for incidents like this one.
Token and Protocol Metrics
RAY, the protocol's native token, was trading around $0.57 to $0.58 on June 10, down roughly 3.8% over 24 hours and 15.2% over the prior week. Market capitalization sits near $155 million, with a fully diluted valuation of approximately $313 million. Raydium's annualized fee revenue stands at approximately $227.54 million according to DefiLlama, a figure that underscores the treasury's capacity to absorb losses of this scale. Despite the breach, Raydium's overall scale remains substantial: total value locked on the protocol ranges from $797 million to just over $1 billion depending on the data source, and the platform recorded $4.46 billion in DEX volume over the past 30 days according to DefiLlama.
Regional Exposure: South Asia and Africa
The practical impact extends well beyond any single geography. India ranks first in the 2026 Chainalysis Global Crypto Adoption Index, with Solana-based protocols including Raydium seeing heavy retail use due to near-zero transaction fees. India's financial regulators have not yet established consumer protection mechanisms covering decentralized protocols, meaning retail liquidity providers in the country currently have no investor protection for DeFi-specific losses. Pakistan, ranked eighth globally in crypto adoption, also hosts active Solana developer communities including in Karachi, making this incident relevant across the broader South Asia region.
In Sub-Saharan Africa, where on-chain transaction volume reached $205 billion between July 2024 and June 2025 and crypto adoption grew 52% year over year, Raydium is a common venue for low-cost trading and yield farming. Nigeria ranks second globally in crypto adoption; Kenya, Ethiopia, and Ghana are also in the top 20. Nigeria's Investments and Securities Act 2025 and Kenya's Virtual Asset Service Providers Bill both formalized crypto oversight, but neither law addresses compensation obligations for DeFi-specific incidents. Affected users in these markets are entirely dependent on Raydium's voluntary treasury restitution.
Looking Ahead
This breach arrives at a difficult moment for Solana security credibility. In April 2026, Drift Protocol lost $285 million in what became the largest crypto hack of 2026 to date, attributed to North Korean state-backed actors who combined exploitation of Solana's "durable nonces" transaction feature with social engineering of Security Council members. The Solana Foundation has since launched STRIDE, a formal security program covering real-time monitoring, an incident response network, and formal verification audits.
For Raydium specifically, the more pressing question is lifecycle management: who is responsible for formally revoking authority over programs when they are retired, and whether any other inactive pools carry similar exposure. For developers across Solana, this incident is a direct advisory. A decommissioned pool with live authority keys is not an artifact. It is an open door.
Verse Press recommends cross-referencing @RaydiumProtocol on X for the protocol's formal statement on the June 2026 incident. On-chain data sourced from DefiLlama and CoinMarketCap as of June 10, 2026.