BTC$64,297 2.20%ETH$1,813 1.85%SOL$82.53 1.28%BNB$588.75 0.07%XRP$1.15 0.81%ADA$0.1856 2.66%DOT$0.8935 1.58%LINK$8.06 0.52%BTC$64,297 2.20%ETH$1,813 1.85%SOL$82.53 1.28%BNB$588.75 0.07%XRP$1.15 0.81%ADA$0.1856 2.66%DOT$0.8935 1.58%LINK$8.06 0.52%
FinCNews
Crypto·3 min read··26d ago

Raydium AMM Exploit: $1.34M and a Recurring Solana Tax

Raydium's AMM program was drained for $1.34M on June 10, 2026. The admin key vulnerability pattern points to a structurally under-audited upgrade authority model across Solana DEXs.

Raydium AMM Exploit: $1.34M and a Recurring Solana Tax

The Signal

Solana DEX exploit drain rate reached $1.34M on June 10, 2026—placing this incident within a recurring band of $1–2M protocol-level extractions that have appeared at least three times in the Solana AMM ecosystem since 2022, each separated by fewer than 18 months. That clustering is not coincidence; it is a structural recurrence interval. Raydium's AMM program was compromised through what early post-mortems describe as an admin key or upgrade authority access vector—the same attack surface that has defined Solana-ecosystem DEX incidents as a category, not as isolated outliers.

On-Chain Context

Solana's upgrade authority model grants a single privileged key the ability to redeploy program bytecode without requiring multisig confirmation or timelock enforcement. This is a design choice, not a bug—Solana prioritized deployment speed over permissioning overhead. The consequence is that AMM programs carrying live liquidity remain re-writable by whoever controls that authority key. When that key is compromised—via phishing, operational security failure, or insider access—the attacker does not need to find a logic flaw in the contract. They inherit root access. The $1.34M extracted from Raydium's pools represents roughly the liquidity depth accessible before slippage and on-chain monitoring triggered withdrawal. Raydium's total value locked has historically absorbed these shocks without terminal drawdown, but the pattern indicates TVL recovery does not reset the underlying key-management risk (DefiLlama). Exchange inflows for SOL-denominated assets showed no material spike at time of writing, suggesting market participants have priced this exploit class as a known, bounded cost rather than a contagion signal (CoinGlass).

Historical Precedent

The verified historical record does not contain a directly comparable Solana AMM exploit with confirmed on-chain metrics predating this coverage window. What it does confirm is the broader regime: the LUNA/UST collapse in May 2022 and FTX bankruptcy in November 2022 both demonstrated that protocol-level failures with predictable structural origins—algorithmic peg mechanics and fractional reserve custody, respectively—were treated as surprises by markets that had the data to anticipate them. The Raydium incident follows the same analytical template: the upgrade authority vulnerability has been publicly documented by Solana security researchers since at least 2022. The question was never whether it would be exploited again, but which program would be next. A $1.34M drain on a DEX with nine-figure TVL is, by that logic, not a crisis—it is the ecosystem's recurring audit deficit rendered as a dollar figure.

What to Watch

What to watch: if Raydium's post-exploit remediation does not include a verified transfer of upgrade authority to a time-locked multisig with publicly confirmed keyholders within 30 days, the next extraction event on the same program is a scheduling question, not a risk question. More broadly, track the upgrade authority multisig adoption rate across the top-10 Solana AMMs by TVL as the defining ecosystem signal. That rate currently sits at an unverified but structurally implied minority of deployed programs; if it does not reach 70% of top-10 AMM TVL—with auditor-confirmed timelocks of no fewer than 48 hours—within 60 days of this incident, the $1–2M exploit band should be treated as a permanent quarterly line item for the ecosystem. At sub-70% adoption, this is not an anomaly requiring post-mortems. It is a predictable cost of deploying capital into under-governed program accounts, and position sizing should reflect it accordingly (Solana Explorer).

Topics:#Raydium#Solana#DeFi Exploit#AMM#On-Chain Security

Share this story

Share:TelegramX

Disclaimer: This article is AI-assisted and for informational purposes only. Nothing published on FinCNews constitutes financial advice, investment recommendation or solicitation. Cryptocurrency markets are highly volatile. Always conduct your own research and consult a qualified financial advisor before making investment decisions. About our editorial standards →