Forgotten DeFi Contracts Cost $22.5M: The Hidden Threat
Legacy DeFi contracts are becoming a prime target for exploits, with at least $22.5 million lost. Here's how neglecting decommissioning is fueling attacks.
Exploits in the crypto industry are nothing new, but there's a growing threat that's catching many off guard: legacy DeFi contracts. The recent exploit of Raydium AMM V3, which led to a loss of approximately $1.34 million, is just a piece of a larger puzzle that saw roughly $22.5 million drained from various obsolete contracts. Here's what matters: these incidents aren't isolated. They're part of a pattern where old, forgotten infrastructure becomes an attacker's playground.
Take 1inch, which faced a $5 million loss in March 2025 due to an outdated Fusion v1 resolver contract. Abracadabra also found itself in hot water with a $1.8 million hit later that year, courtesy of deprecated Cauldron V4 contracts. The list goes on, and frankly, these numbers tell the story: out of sight doesn't mean out of risk. But the real issue is lifecycle management, or rather the lack thereof. These contracts are supposed to be retired, yet they remain live, accessible, and vulnerable. The reality is that many protocols focus on active development and user-facing features, leaving retired code to rot in a digital graveyard.
What the street is missing: every protocol is a potential target because old contracts, even if not visible through user interfaces, remain callable on-chain. Protocols like Raydium have paid the price, covering losses from their treasuries while assuring users that current systems aren't affected. Still, from a risk perspective, the inability to decommission these assets effectively turns them into ticking time bombs. So, what can be done? Protocols need to make decommissioning a part of their security checklist, not just a footnote in product documentation. Draining, pausing, and actively monitoring obsolete systems should be standard practice.
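As an added example (not code from any protocol named in this article), the following Python audit checks a team's own contract registry against the three controls above: drained, paused, monitored. The registry fields, contract labels and dollar figures are constructed assumptions; in practice they would be filled from on-chain reads and the alerting configuration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Contract:
    name: str                # constructed label, not a real deployment
    status: str              # "active" or "deprecated" in the team's registry
    balance_usd: float       # value the contract still holds
    paused: Optional[bool]   # None = contract has no pause switch at all
    monitored: bool          # an alert rule covers calls to this address
    in_frontend: bool        # still linked from the UI

def audit(inventory):
    """Return (name, balance_usd, gaps) for each deprecated contract that
    fails a decommissioning check, largest balance first."""
    findings = []
    for c in inventory:
        if c.status != "deprecated":
            continue
        gaps = []
        if c.balance_usd > 0:
            gaps.append("not drained")
        if c.paused is None:
            gaps.append("no pause switch")
        elif not c.paused:
            gaps.append("not paused")
        if not c.monitored:
            gaps.append("not monitored")
        # in_frontend is deliberately ignored: removing a contract from the
        # UI does not stop it from being called on-chain.
        if gaps:
            findings.append((c.name, c.balance_usd, gaps))
    return sorted(findings, key=lambda f: (-f[1], -len(f[2])))

# Constructed sample registry (all values invented for illustration).
SAMPLE = [
    Contract("pool-v4", "active", 9_000_000.0, False, True, True),
    Contract("legacy-pool-a", "deprecated", 1_200_000.0, False, False, False),
    Contract("legacy-router-b", "deprecated", 0.0, None, False, False),
    Contract("legacy-vault-c", "deprecated", 0.0, True, True, False),
]

if __name__ == "__main__":
    for name, balance, gaps in audit(SAMPLE):
        print(f"{name}: ${balance:,.0f} held; {', '.join(gaps)}")
```

A contract with no pause switch can never pass the pause check, so draining and monitoring are the only controls left for it.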
As we move forward, the industry needs to address this oversight. The cost of ignoring legacy contracts could keep climbing unless proactive steps are taken. DeFi isn't just about innovation; it's also about maintaining the security and integrity of what already exists.
Key Terms Explained
A DEX aggregator that splits trades across multiple decentralized exchanges to find the best overall price.
Transactions and data recorded directly on the blockchain.
A set of rules governing how a network or application operates.
A major AMM and DEX on Solana that provides liquidity to the Serum/OpenBook order book.