How to Create a Diversified Crypto Portfolio
17/05/2024
Dogeverse Meme coin Nears Exchange Listing After Raising $15 Million in Presale
17/05/2024
Ex-Employee Behind $1.9M Exploit Claims Memecoin Launcher Pump.fun
Pump.fun, a Solana memecoin creation tool, has alleged that a former employee exploited the platform for nearly $2 million through a “bonding curve” attack. Despite this setback, the company assures that its smart contracts remain secure and affected users will recover “100% of the liquidity” within the next 24 hours.
In a May 16 X post, pump.fun claimed that the ex-employee used their “privileged position” to gain access to a “withdraw authority” and compromised the protocol’s internal systems. Approximately $1.9 million was siphoned from the total $45 million held in pump.fun’s bonding curve contracts.
The platform temporarily halted trading but has since resumed operations. Pump.fun reiterated that its smart contracts are secure and confirmed that users affected by the incident would receive full liquidity restitution within the next 24 hours.
Before pump.fun’s announcement, Igor Igamberdiev, head of research at cryptocurrency market maker Wintermute, suggested the hack resulted from an internal private key leak, allegedly involving X user “STACCoverflow.” In a series of cryptic posts, STACCoverflow hinted at their involvement and potential legal consequences, stating they were “about to change the course of history. n [sic] then rot in jail,” and acknowledged they were “already fully doxxed.”
Pump.fun mentioned in an earlier X post that it is collaborating with law enforcement, but has not named the former employee involved in the exploit. The company did not immediately respond to requests for further comments.
How the Exploit Occurred
The alleged perpetrator utilized flash loans on the Solana lending protocol Raydium to borrow Solana’s SOL tokens. These tokens were then used to “buy as many coins” as possible on pump.fun’s platform. Once the coins reached 100% on their respective bonding curves, the exploiter accessed the bonding curve liquidity to repay the flash loans.
In total, approximately 12,300 SOL, valued at $1.9 million, was stolen during the attack, which occurred between 3:21 pm and 5:00 pm UTC on May 16. Pump.fun assured that users impacted during these hours would recover 100% or more of the liquidity held prior to the exploit.
Related Developments
In related news, a Solana memecoin recently hit an extraordinary $328 trillion market cap for unintended reasons, highlighting the volatile nature of the memecoin market.
Pump.fun continues to work with law enforcement to resolve the situation and ensure the security and trust of its users moving forward. The platform’s swift response and commitment to user restitution underscore its dedication to maintaining a secure and reliable service for the cryptocurrency community.
Links:
