Raydium says an exploit drained about $1.34 million from five inactive liquidity pools tied to its retired AMM program. The pools were not active. Yet funds still moved. That is the core problem this incident highlights.
According to The Block, the attacker pulled the funds from those five pools, labeled as part of a “retired AMM program.” Raydium also told The Block it will compensate impacted users.
Where the money likely sat
Inactive pools sound safe because they no longer route new trades through active liquidity incentives. But “inactive” does not automatically mean “funds cannot be accessed.” With DeFi programs, the security boundary usually depends on what contracts still permit. If there is any remaining control path, it can still be abused.
The Block’s report keeps the scope narrow. It identifies the drain target as five inactive pools, and it frames the incident as a payout obligation for Raydium’s treasury rather than a lingering solvency crisis. That matters for users watching for broader contagion.
What Raydium is doing now
The Block reports that Raydium’s treasury will cover the losses for affected users. In other words, the protocol is not asking users to absorb the hit. The practical effect is simpler accounting for holders. It also reduces the chance that this becomes a “recover it if you can” situation, which often stretches for months.
Still, treasury coverage does not erase the technical takeaway. It shifts the burden from retail loss to protocol risk. In the near term, the question becomes whether the same contract design flaw could be present in other retired components.
The risk pattern: retired does not always mean locked
Retired AMM programs typically stop incentivizing trading or provisioning. But contract code and permissions do not magically disappear when a program sunsets. The only reliable security state is the one enforced by the on-chain logic.
The Block’s detail that the exploit hit five inactive pools should make teams across DeFi ask the same checklist question: do retired modules still have any state transitions that can be triggered, any withdrawals that can be called, or any edge-case accounting paths that a malicious caller can exploit?
What users should watch for
Raydium has said users will be compensated, per The Block. The next signals are operational and technical, not marketing.
Users will want clarity on which contract paths were abused, what checks failed, and how Raydium prevented the same sequence from working again. Without that, “covered losses” can look like financial triage rather than structural repair.
For now, The Block’s report pins down the incident’s size at about $1.34 million, and it limits the affected surface area to five inactive pools. That containment is good news. But it also underlines a familiar lesson in DeFi security. If a contract can still be called, it can still be attacked, even when the interface says the program is over.