{"id":541052,"date":"2026-06-11T20:10:33","date_gmt":"2026-06-11T19:10:33","guid":{"rendered":"https:\/\/cryptoslate.com\/?p=541052"},"modified":"2026-06-11T14:41:07","modified_gmt":"2026-06-11T13:41:07","slug":"legacy-defi-contracts-exploit-risk","status":"publish","type":"post","link":"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/","title":{"rendered":"The next DeFi drain could come from legacy contracts everyone forgot"},"content":{"rendered":"<p>The Raydium AMM V3 exploit drained roughly $1.34 million from a phased-out program tied to five pools outside the current product path, unsupported by Raydium\u2019s UI or SDK, and inaccessible to current users.<\/p>\n<p>The exploit hit legacy DeFi contracts and infrastructure that nobody treated as a live attack surface, exposing a lifecycle-management failure that extends well beyond one Solana decentralized exchange.<\/p>\n<h2>The category nobody is counting<\/h2>\n<p>Public exploit reports have found at least eight clear cases since March 2025 in which deprecated, obsolete, or legacy <a href=\"https:\/\/cryptoslate.com\/defis-automated-yield-protocols-retail-risk\/\">DeFi contracts<\/a> became the attack surface, totaling roughly $10.8 million in losses.<\/p>\n<p>Extending the definition to include broader legacy-vault and legacy-product failures lifts the count to about ten incidents and $22.5 million, including <a href=\"https:\/\/cryptoslate.com\/companies\/raydium\/\">Raydium<\/a>.<\/p>\n<p>Exploit trackers classify incidents by technical mechanisms, such as smart contract bugs, access control failures, oracle manipulations, private key compromises, and bridge flaws.<\/p>\n<p>Zombie contracts, or legacy DeFi contracts still callable after retirement, belong to a different axis entirely: a lifecycle state that consistently vanishes inside broader exploit labels.<\/p>\n<table>\n<thead>\n<tr>\n<th>Exploit label databases usually use<\/th>\n<th>What it captures<\/th>\n<th>What it misses<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Smart contract bug<\/td>\n<td>The code flaw that let funds move<\/td>\n<td>Whether the contract was deprecated, obsolete, or outside the active product<\/td>\n<\/tr>\n<tr>\n<td>Access control failure<\/td>\n<td>Missing or broken permission checks<\/td>\n<td>Whether the affected deployment should still have been callable<\/td>\n<\/tr>\n<tr>\n<td>Business logic flaw<\/td>\n<td>Broken assumptions inside protocol logic<\/td>\n<td>Whether the logic belonged to old infrastructure no longer supported by the UI\/SDK<\/td>\n<\/tr>\n<tr>\n<td>Oracle\/accounting issue<\/td>\n<td>Incorrect pricing, balances, or shares<\/td>\n<td>Whether the vault or pool was a legacy product<\/td>\n<\/tr>\n<tr>\n<td>Zombie-contract \/ lifecycle risk<\/td>\n<td>Deprecated infrastructure still live on-chain<\/td>\n<td>The missing category: contracts that were \u201cretired\u201d in product terms but not decommissioned technically<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Raydium's AMM V3 pools were deprecated after Serum's own deprecation rendered them inert. The legacy program was built to place orders on the Serum order book, and once Serum wound down, it lost its only function and left associated liquidity idle.<\/p>\n<p>Raydium's current programs use a virtual supply mechanism for proportion checks and verify LP mint addresses along with all other relevant account information.<\/p>\n<p>The legacy program skipped both checks, letting an attacker create a new mint, present it as the LP token, and bypass proportion controls entirely.<\/p>\n<p>Roughly 150,177 <a href=\"https:\/\/cryptoslate.com\/coins\/raydium\/\">RAY<\/a>, 5,603 <a href=\"https:\/\/cryptoslate.com\/coins\/solana\/\">SOL<\/a>, and 893,700 <a href=\"https:\/\/cryptoslate.com\/coins\/usd-coin\/\">USDC<\/a> had been sitting in pools outside the current product but stayed callable on-chain.<\/p>\n<h2>One pattern for eight incidents<\/h2>\n<p>In March 2025, <a href=\"https:\/\/cryptoslate.com\/companies\/1inch-network\/\">1inch<\/a> lost <a href=\"https:\/\/cryptoslate.com\/1inch-hit-by-5-million-exploit-in-outdated-smart-contract\/\">roughly $5 million<\/a> when an obsolete Fusion v1 resolver contract implementation was exploited.<\/p>\n<p>In October 2025, Abracadabra <a href=\"https:\/\/www.0xteam.space\/blog\/abracadabra-hack-october\">lost $1.8 million<\/a> due to deprecated Cauldron V4 contracts that remained active and exploitable because of a logic flaw. In December 2025, Yearn's legacy iEarn <a href=\"https:\/\/cryptoslate.com\/coins\/true-usd\/\">TUSD<\/a> vault was drained of <a href=\"https:\/\/x.com\/yearnfi\/status\/2001094653391614171?s=20\">roughly $300,000<\/a>, while Yearn's current v2 and v3 vaults remained clean.<\/p>\n<p>Things escalated in May: SlowMist reported Transit Finance <a href=\"https:\/\/hacked.slowmist.io\/?c=Bridge&page=1\">losing $1.88 million<\/a> through a deprecated 2022-era TRON contract, and Huma Finance lost <a href=\"https:\/\/x.com\/humafinance\/status\/2053858499378258198\">roughly $101,000<\/a> through deprecated V1 BaseCreditPool contracts on <a href=\"https:\/\/cryptoslate.com\/coins\/polygon\/\">Polygon<\/a>.<\/p>\n<p>Renegade lost <a href=\"https:\/\/hacked.slowmist.io\/en\/?c=&page=3\">approximately $209,000<\/a> due to a legacy V1 <a href=\"https:\/\/cryptoslate.com\/coins\/arbitrum\/\">Arbitrum<\/a> deployment exposed by an unprotected initializer and a migration issue, with white-hat recovery reducing the net impact.<\/p>\n<p>Scallop lost <a href=\"https:\/\/x.com\/Scallop_io\/status\/2048384340049215835\">roughly $140,000<\/a> due to a deprecated rewards contract, leaving the core lending infrastructure clean.<\/p>\n<p>Every protocol made the same claim that current users were safe and current programs intact, and every protocol still paid out from the treasury, because the old infrastructure had stayed callable long after it left the active product path.<\/p>\n<table>\n<thead>\n<tr>\n<th>Protocol<\/th>\n<th align=\"right\">Date<\/th>\n<th>Legacy surface exploited<\/th>\n<th align=\"right\">Approx. loss<\/th>\n<th>Why it fits the pattern<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>1inch<\/td>\n<td align=\"right\">Mar. 2025<\/td>\n<td>Obsolete Fusion v1 resolver implementation<\/td>\n<td align=\"right\"><strong>~$5.0M<\/strong><\/td>\n<td>Old resolver logic remained relevant enough to exploit after the protocol had moved on.<\/td>\n<\/tr>\n<tr>\n<td>Abracadabra<\/td>\n<td align=\"right\">Oct. 2025<\/td>\n<td>Deprecated Cauldron V4 contracts<\/td>\n<td align=\"right\"><strong>~$1.8M<\/strong><\/td>\n<td>Deprecated contracts remained active and exploitable through a logic flaw.<\/td>\n<\/tr>\n<tr>\n<td>Yearn<\/td>\n<td align=\"right\">Dec. 2025<\/td>\n<td>Legacy iEarn TUSD vault<\/td>\n<td align=\"right\"><strong>~$0.3M<\/strong><\/td>\n<td>Legacy vault was drained while current Yearn vaults remained unaffected.<\/td>\n<\/tr>\n<tr>\n<td>Transit Finance<\/td>\n<td align=\"right\">May 2026<\/td>\n<td>Deprecated 2022-era TRON contract<\/td>\n<td align=\"right\"><strong>~$1.88M<\/strong><\/td>\n<td>Old contract surface stayed live after deprecation and became the attack path.<\/td>\n<\/tr>\n<tr>\n<td>Huma Finance<\/td>\n<td align=\"right\">May 2026<\/td>\n<td>Deprecated V1 BaseCreditPool contracts on Polygon<\/td>\n<td align=\"right\"><strong>~$0.101M<\/strong><\/td>\n<td>Retired architecture still held exploitable value outside the current system.<\/td>\n<\/tr>\n<tr>\n<td>Renegade<\/td>\n<td align=\"right\">May 2026<\/td>\n<td>Legacy V1 Arbitrum deployment<\/td>\n<td align=\"right\"><strong>~$0.209M<\/strong><\/td>\n<td>Migration and initializer issues exposed an old deployment.<\/td>\n<\/tr>\n<tr>\n<td>Scallop<\/td>\n<td align=\"right\">2026<\/td>\n<td>Deprecated rewards-side contract<\/td>\n<td align=\"right\"><strong>~$0.14M<\/strong><\/td>\n<td>Core lending infrastructure stayed clean, but old rewards infrastructure was exploitable.<\/td>\n<\/tr>\n<tr>\n<td>Raydium<\/td>\n<td align=\"right\">2026<\/td>\n<td>Legacy AMM V3 pools<\/td>\n<td align=\"right\"><strong>~$1.34M<\/strong><\/td>\n<td>Current UI\/SDK and users were unaffected, but old pools remained callable on-chain.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Why databases lose this<\/h2>\n<p>Most exploit classifications focus on how the attacker got in, what they manipulated, and <a href=\"https:\/\/cryptoslate.com\/the-next-big-defi-exploit-will-start-before-the-code-is-deployed\/\">which code failed<\/a>, a mechanism-first lens that obscures zombie contract exploits, where the core failure is that the infrastructure was supposed to be retired.<\/p>\n<p>Transit's deprecated TRON contract was an old protocol surface that nobody decommissioned. Scallop's deprecated rewards contract was an accounting flaw in infrastructure that the team had moved past. Huma's V1 BaseCreditPool was retired architecture still holding assets on a chain the protocol had migrated away from.<\/p>\n<p>A 2025 <a href=\"https:\/\/arxiv.org\/abs\/2507.20175\">SoK paper<\/a> analyzing 50 severe real-world exploits from 2022 to 2025, totaling over $1 billion in losses, argued that high-impact incidents frequently involve exploit chains spanning human, operational, economic, lifecycle, and governance layers.<\/p>\n<p>The authors proposed a four-tier root-cause framework that treats lifecycle and governance failures as a distinct category alongside implementation errors. Zombie contracts fit that framework: lifecycle failures that exploit databases are absorbed into implementation-bug counts, keeping the cumulative dollar figure buried inside unrelated categories.<\/p>\n<h2>The fork in the graveyard<\/h2>\n<p>If protocols continue to treat decommissioning as an afterthought, deprecating contracts in product documentation without draining, pausing, or monitoring them, attackers will keep scanning the graveyard.<\/p>\n<p>Every major protocol's deployment history becomes a searchable attack surface. The $22.5 million current estimate is a floor, based on incidents that made it into public reporting with sufficient detail to classify.<\/p>\n<p>Legacy vaults, forgotten approval surfaces, and old integrations that still hold assets but sit outside active user flows receive far less monitoring than live infrastructure, which is what attackers scan for.<\/p>\n<p>If the category gets named and counted, if decommissioning checklists become standard practice alongside audits, the attack surface shrinks through maintenance.<\/p>\n<p>Raydium's treasury absorbs the $1.3 million exploit, Transit's team promised compensation, and Huma covered its losses.<\/p>\n<p>That makes DeFi contract decommissioning a security control rather than a documentation task.<\/p>\n<table>\n<thead>\n<tr>\n<th>Decommissioning control<\/th>\n<th>What it means<\/th>\n<th>Why it matters<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Drain idle assets<\/td>\n<td>Remove funds from retired pools, vaults, and reward contracts.<\/td>\n<td>Eliminates the financial incentive for attackers to scan abandoned infrastructure.<\/td>\n<\/tr>\n<tr>\n<td>Pause callable functions<\/td>\n<td>Disable swaps, withdrawals, reward claims, or admin functions where possible.<\/td>\n<td>Turns \u201cdeprecated\u201d into an actual security state rather than a product label.<\/td>\n<\/tr>\n<tr>\n<td>Verify LP mints, approvals, and permissions<\/td>\n<td>Review old mint checks, approvals, authorities, and account assumptions.<\/td>\n<td>Prevents attackers from exploiting stale validation logic or forgotten permissions.<\/td>\n<\/tr>\n<tr>\n<td>Monitor legacy deployments<\/td>\n<td>Keep alerts active for old contracts, pools, and chain deployments.<\/td>\n<td>Prevents abandoned infrastructure from becoming invisible to the team but visible to attackers.<\/td>\n<\/tr>\n<tr>\n<td>Keep legacy code in bug-bounty scope<\/td>\n<td>Include retired or deprecated infrastructure in security programs.<\/td>\n<td>Gives white hats a reason to report issues before attackers exploit them.<\/td>\n<\/tr>\n<tr>\n<td>Publish retirement status<\/td>\n<td>Clearly identify whether old products are drained, paused, monitored, or unsupported.<\/td>\n<td>Helps users, integrators, and analysts distinguish \u201cnot in the UI\u201d from \u201cnot risky.\u201d<\/td>\n<\/tr>\n<tr>\n<td>Define treasury liability<\/td>\n<td>State whether the protocol will compensate losses from retired infrastructure.<\/td>\n<td>Makes clear whether old code remains an implicit claim on the protocol treasury.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Deprecating a contract transfers the security liability to the treasury while leaving the attack surface intact. Retiring infrastructure without decommissioning it keeps it live, with the team's attention diverted and the attacker's incentive intact.<\/p>\n<p>In addition to total value locked, <a href=\"https:\/\/cryptoslate.com\/defi\/\">DeFi<\/a> protocols accumulate history, and history can be exploited.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Raydium AMM V3 exploit drained roughly $1.34 million from a phased-out program tied to five pools outside the current product path, unsupported by Raydium\u2019s UI or SDK, and inaccessible to current users. The exploit hit legacy DeFi contracts and infrastructure that nobody treated as a live attack surface, exposing a lifecycle-management failure that extends [&hellip;]<\/p>\n","protected":false},"author":1511,"featured_media":541134,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[76799,46940,77968,16041],"tags":[],"prediction_market_topic":[],"post_folder":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.9 (Yoast SEO v21.9.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The next DeFi drain could come from legacy contracts everyone forgot<\/title>\n<meta name=\"description\" content=\"Legacy DeFi contracts remain callable after protocols move on. Raydium\u2019s exploit shows why retired code can still drain funds.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The next DeFi drain could come from legacy contracts everyone forgot\" \/>\n<meta property=\"og:description\" content=\"Legacy DeFi contracts remain callable after protocols move on. Raydium\u2019s exploit shows why retired code can still drain funds.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/\" \/>\n<meta property=\"og:site_name\" content=\"CryptoSlate\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-11T19:10:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-11T13:41:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/06\/defi-drain.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Gino Matos\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@cryptoslate\" \/>\n<meta name=\"twitter:site\" content=\"@cryptoslate\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Gino Matos\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/\"},\"author\":{\"@type\":\"Person\",\"@id\":\"https:\/\/cryptoslate.com\/author\/gino-matos\/#person\",\"name\":\"Gino Matos\",\"url\":\"https:\/\/cryptoslate.com\/author\/gino-matos\/\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/cryptoslate.com\/author\/gino-matos\/\"},\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/cryptoslate.com\/author\/gino-matos\/#authorimage\",\"url\":\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/12\/profile-photo-gino-300x300.jpg\",\"contentUrl\":\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/12\/profile-photo-gino-300x300.jpg\",\"caption\":\"Gino Matos\"},\"jobTitle\":\"Reporter\",\"description\":\"Gino Matos is a seasoned crypto journalist and law graduate covering Brazil\u2019s blockchain ecosystem and DeFi developments.\",\"worksFor\":{\"@id\":\"https:\/\/cryptoslate.com\/#organization\"},\"sameAs\":[\"https:\/\/x.com\/pelicamatos\",\"https:\/\/www.linkedin.com\/in\/ginomatos\",\"https:\/\/muckrack.com\/gino-matos\"]},\"headline\":\"The next DeFi drain could come from legacy contracts everyone forgot\",\"datePublished\":\"2026-06-11T19:10:33+00:00\",\"dateModified\":\"2026-06-11T19:10:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/\"},\"wordCount\":1271,\"publisher\":{\"@id\":\"https:\/\/cryptoslate.com\/#organization\"},\"articleSection\":[\"Crime\",\"DeFi\",\"Featured\",\"Hacks\"],\"inLanguage\":\"en-US\",\"copyrightYear\":\"2026\",\"copyrightHolder\":{\"@id\":\"https:\/\/cryptoslate.com\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/\",\"url\":\"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/\",\"name\":\"The next DeFi drain could come from legacy contracts everyone forgot\",\"isPartOf\":{\"@id\":\"https:\/\/cryptoslate.com\/#website\"},\"datePublished\":\"2026-06-11T19:10:33+00:00\",\"dateModified\":\"2026-06-11T19:10:33+00:00\",\"description\":\"Legacy DeFi contracts remain callable after protocols move on. Raydium\u2019s exploit shows why retired code can still drain funds.\",\"breadcrumb\":{\"@id\":\"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/cryptoslate.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The next DeFi drain could come from legacy contracts everyone forgot\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cryptoslate.com\/#website\",\"url\":\"https:\/\/cryptoslate.com\/\",\"name\":\"CryptoSlate\",\"description\":\"Cryptocurrency News and Real-time Coin Data\",\"publisher\":{\"@id\":\"https:\/\/cryptoslate.com\/#organization\"},\"inLanguage\":\"en-US\"},{\"@type\":\"NewsMediaOrganization\",\"@id\":\"https:\/\/cryptoslate.com\/#organization\",\"name\":\"CryptoSlate\",\"url\":\"https:\/\/cryptoslate.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cryptoslate.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2018\/05\/c-logo.jpg\",\"contentUrl\":\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2018\/05\/c-logo.jpg\",\"width\":1000,\"height\":1000,\"caption\":\"CryptoSlate\"},\"image\":{\"@id\":\"https:\/\/cryptoslate.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/twitter.com\/cryptoslate\",\"https:\/\/www.instagram.com\/cryptoslate\",\"https:\/\/www.linkedin.com\/company\/cryptoslate\",\"https:\/\/www.youtube.com\/c\/cryptoslate\",\"https:\/\/cryptoslate.substack.com\",\"https:\/\/t.me\/cryptoslatenews\",\"https:\/\/www.crunchbase.com\/organization\/cryptoslate\",\"https:\/\/iq.wiki\/wiki\/cryptoslate\",\"https:\/\/news.google.com\/publications\/CAAqKggKIiRDQklTRlFnTWFoRUtEMk55ZVhCMGIzTnNZWFJsTG1OdmJTZ0FQAQ\",\"https:\/\/muckrack.com\/media-outlet\/cryptoslate\",\"https:\/\/www.tiktok.com\/@cryptoslatenews\"],\"publishingPrinciples\":\"https:\/\/cryptoslate.com\/editorial-policy\/#editorial-principles\",\"ownershipFundingInfo\":\"https:\/\/cryptoslate.com\/disclaimers\/how-cryptoslate-makes-and-spends-money\/\",\"correctionsPolicy\":\"https:\/\/cryptoslate.com\/editorial-policy\/#corrections-feedback\",\"ethicsPolicy\":\"https:\/\/cryptoslate.com\/editorial-policy\/#editorial-principles\",\"foundingDate\":\"2017-08-04\",\"founder\":[{\"@type\":\"Person\",\"name\":\"Nate Whitehill\"},{\"@type\":\"Person\",\"name\":\"Matthew Blancarte\"}],\"contactPoint\":[{\"@type\":\"ContactPoint\",\"contactType\":\"customer support\",\"url\":\"https:\/\/cryptoslate.com\/contact\/\",\"availableLanguage\":\"en-US\"},{\"@type\":\"ContactPoint\",\"contactType\":\"sales\",\"url\":\"https:\/\/cryptoslate.com\/advertising\/\",\"availableLanguage\":\"en-US\"},{\"@type\":\"ContactPoint\",\"contactType\":\"newsroom\",\"url\":\"https:\/\/cryptoslate.com\/editorial-policy\/#corrections-feedback\",\"email\":\"tips@cryptoslate.com\",\"availableLanguage\":\"en-US\"}],\"masthead\":\"https:\/\/cryptoslate.com\/about\/#masthead\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/cryptoslate.com\/#\/schema\/person\/f03754c9e579651795caf77a2b00c49c\",\"name\":\"Gino Matos\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cryptoslate.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/12\/profile-photo-gino-150x150.jpg\",\"contentUrl\":\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/12\/profile-photo-gino-150x150.jpg\",\"caption\":\"Gino Matos\"},\"description\":\"Gino Matos is a law school graduate and a seasoned journalist with six years of experience in the crypto industry. His expertise primarily focuses on the Brazilian blockchain ecosystem and developments in decentralized finance (DeFi).\",\"url\":\"https:\/\/cryptoslate.com\/author\/gino-matos\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"The next DeFi drain could come from legacy contracts everyone forgot","description":"Legacy DeFi contracts remain callable after protocols move on. Raydium\u2019s exploit shows why retired code can still drain funds.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/","og_locale":"en_US","og_type":"article","og_title":"The next DeFi drain could come from legacy contracts everyone forgot","og_description":"Legacy DeFi contracts remain callable after protocols move on. Raydium\u2019s exploit shows why retired code can still drain funds.","og_url":"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/","og_site_name":"CryptoSlate","article_published_time":"2026-06-11T19:10:33+00:00","article_modified_time":"2026-06-11T13:41:07+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2026\/06\/defi-drain.jpg","type":"image\/jpeg"}],"author":"Gino Matos","twitter_card":"summary_large_image","twitter_creator":"@cryptoslate","twitter_site":"@cryptoslate","twitter_misc":{"Written by":"Gino Matos","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/#article","isPartOf":{"@id":"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/"},"author":{"@type":"Person","@id":"https:\/\/cryptoslate.com\/author\/gino-matos\/#person","name":"Gino Matos","url":"https:\/\/cryptoslate.com\/author\/gino-matos\/","mainEntityOfPage":{"@id":"https:\/\/cryptoslate.com\/author\/gino-matos\/"},"image":{"@type":"ImageObject","@id":"https:\/\/cryptoslate.com\/author\/gino-matos\/#authorimage","url":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/12\/profile-photo-gino-300x300.jpg","contentUrl":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/12\/profile-photo-gino-300x300.jpg","caption":"Gino Matos"},"jobTitle":"Reporter","description":"Gino Matos is a seasoned crypto journalist and law graduate covering Brazil\u2019s blockchain ecosystem and DeFi developments.","worksFor":{"@id":"https:\/\/cryptoslate.com\/#organization"},"sameAs":["https:\/\/x.com\/pelicamatos","https:\/\/www.linkedin.com\/in\/ginomatos","https:\/\/muckrack.com\/gino-matos"]},"headline":"The next DeFi drain could come from legacy contracts everyone forgot","datePublished":"2026-06-11T19:10:33+00:00","dateModified":"2026-06-11T19:10:33+00:00","mainEntityOfPage":{"@id":"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/"},"wordCount":1271,"publisher":{"@id":"https:\/\/cryptoslate.com\/#organization"},"articleSection":["Crime","DeFi","Featured","Hacks"],"inLanguage":"en-US","copyrightYear":"2026","copyrightHolder":{"@id":"https:\/\/cryptoslate.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/","url":"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/","name":"The next DeFi drain could come from legacy contracts everyone forgot","isPartOf":{"@id":"https:\/\/cryptoslate.com\/#website"},"datePublished":"2026-06-11T19:10:33+00:00","dateModified":"2026-06-11T19:10:33+00:00","description":"Legacy DeFi contracts remain callable after protocols move on. Raydium\u2019s exploit shows why retired code can still drain funds.","breadcrumb":{"@id":"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/cryptoslate.com\/legacy-defi-contracts-exploit-risk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cryptoslate.com\/"},{"@type":"ListItem","position":2,"name":"The next DeFi drain could come from legacy contracts everyone forgot"}]},{"@type":"WebSite","@id":"https:\/\/cryptoslate.com\/#website","url":"https:\/\/cryptoslate.com\/","name":"CryptoSlate","description":"Cryptocurrency News and Real-time Coin Data","publisher":{"@id":"https:\/\/cryptoslate.com\/#organization"},"inLanguage":"en-US"},{"@type":"NewsMediaOrganization","@id":"https:\/\/cryptoslate.com\/#organization","name":"CryptoSlate","url":"https:\/\/cryptoslate.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cryptoslate.com\/#\/schema\/logo\/image\/","url":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2018\/05\/c-logo.jpg","contentUrl":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2018\/05\/c-logo.jpg","width":1000,"height":1000,"caption":"CryptoSlate"},"image":{"@id":"https:\/\/cryptoslate.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/twitter.com\/cryptoslate","https:\/\/www.instagram.com\/cryptoslate","https:\/\/www.linkedin.com\/company\/cryptoslate","https:\/\/www.youtube.com\/c\/cryptoslate","https:\/\/cryptoslate.substack.com","https:\/\/t.me\/cryptoslatenews","https:\/\/www.crunchbase.com\/organization\/cryptoslate","https:\/\/iq.wiki\/wiki\/cryptoslate","https:\/\/news.google.com\/publications\/CAAqKggKIiRDQklTRlFnTWFoRUtEMk55ZVhCMGIzTnNZWFJsTG1OdmJTZ0FQAQ","https:\/\/muckrack.com\/media-outlet\/cryptoslate","https:\/\/www.tiktok.com\/@cryptoslatenews"],"publishingPrinciples":"https:\/\/cryptoslate.com\/editorial-policy\/#editorial-principles","ownershipFundingInfo":"https:\/\/cryptoslate.com\/disclaimers\/how-cryptoslate-makes-and-spends-money\/","correctionsPolicy":"https:\/\/cryptoslate.com\/editorial-policy\/#corrections-feedback","ethicsPolicy":"https:\/\/cryptoslate.com\/editorial-policy\/#editorial-principles","foundingDate":"2017-08-04","founder":[{"@type":"Person","name":"Nate Whitehill"},{"@type":"Person","name":"Matthew Blancarte"}],"contactPoint":[{"@type":"ContactPoint","contactType":"customer support","url":"https:\/\/cryptoslate.com\/contact\/","availableLanguage":"en-US"},{"@type":"ContactPoint","contactType":"sales","url":"https:\/\/cryptoslate.com\/advertising\/","availableLanguage":"en-US"},{"@type":"ContactPoint","contactType":"newsroom","url":"https:\/\/cryptoslate.com\/editorial-policy\/#corrections-feedback","email":"tips@cryptoslate.com","availableLanguage":"en-US"}],"masthead":"https:\/\/cryptoslate.com\/about\/#masthead"},{"@type":"Person","@id":"https:\/\/cryptoslate.com\/#\/schema\/person\/f03754c9e579651795caf77a2b00c49c","name":"Gino Matos","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cryptoslate.com\/#\/schema\/person\/image\/","url":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/12\/profile-photo-gino-150x150.jpg","contentUrl":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2025\/12\/profile-photo-gino-150x150.jpg","caption":"Gino Matos"},"description":"Gino Matos is a law school graduate and a seasoned journalist with six years of experience in the crypto industry. His expertise primarily focuses on the Brazilian blockchain ecosystem and developments in decentralized finance (DeFi).","url":"https:\/\/cryptoslate.com\/author\/gino-matos\/"}]}},"_links":{"self":[{"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/posts\/541052"}],"collection":[{"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/users\/1511"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/comments?post=541052"}],"version-history":[{"count":4,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/posts\/541052\/revisions"}],"predecessor-version":[{"id":541248,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/posts\/541052\/revisions\/541248"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/media\/541134"}],"wp:attachment":[{"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/media?parent=541052"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/categories?post=541052"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/tags?post=541052"},{"taxonomy":"prediction_market_topic","embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/prediction_market_topic?post=541052"},{"taxonomy":"post_folder","embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/post_folder?post=541052"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}