Memecoin launcher pump.fun claims ex-employee behind $1.9M exploit

As an experienced analyst, I find the recent events surrounding pump.fun and the alleged exploit of nearly $2 million a concerning development in the DeFi space on Solana. Having closely followed similar incidents in the past, I am well aware of the potential risks associated with such protocols, especially when it comes to internal security vulnerabilities and the misuse of privileged positions.


As a crypto investor, I’ve recently come across some troubling news regarding Pump.fun, the popular Solana memecoin creation tool. The company has announced that one of its former employees allegedly exploited them for approximately $2 million through a “bonding curve” attack. In simpler terms, it seems that this individual took advantage of a vulnerability in the bonding curve system to siphon off a significant amount of funds from the company. This is certainly not the news we want to hear as investors, and it serves as a reminder of the importance of due diligence and security measures in the ever-evolving world of crypto.

According to a May 16 post by pump.fun, the former employee used their privileged access to approve withdrawals and breached the company's internal systems.

Approximately $1.9 million was taken from the $45 million stored in pump.fun’s bonding curve contracts.

The platform temporarily paused trading, but it is now back up and running.

According to pump.fun, its smart contracts are secure, and all affected users will have the full liquidity they previously held restored within 24 hours.


Before the announcement from pump.fun, I, as a crypto investor, had heard from Igor Igamberdiev, the head of research at cryptocurrency market maker Wintermute, that the hack of a particular platform was likely caused by an internal private key leak. He had reason to believe that this leak may have originated from the account of X user “STACCoverflow.”

In a string of mysterious X messages, STACCoverflow announced they were on the verge of altering history’s direction but would subsequently end up incarcerated. Elsewhere, they declared indifferently that they had already been unmasked.

In an earlier post on X, pump.fun said it was working with law enforcement. It did not name the former employee and has not yet responded to our request for comment.

How the hack unfolded

The attacker allegedly used flash loans from the Solana lending platform Raydium to borrow SOL, then used the borrowed SOL to buy large quantities of coins on pump.fun.

Once those coins had filled their bonding curves, the exploiter was able to access the bonding curve liquidity and use it to repay the flash loans.

Around 12,300 SOL, worth approximately $1.9 million, were taken in the attack, which took place between 3:21 pm and 5:00 pm UTC on May 16.

Users affected during that window will have 100% or more of their original liquidity restored.
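The sequence described above, modelled as an added example that is neither pump.fun's code nor part of the original article: a linear bonding curve whose locked SOL can only be moved by a single withdraw authority, and a detection routine run over a constructed event log that flags the two signatures a defender would watch for, a reserve leaving for a destination other than the designated pool, and a withdrawal shortly after a single buyer filled the curve. The curve parameters, addresses, timestamps and event log are all constructed; the real program's mechanics are not known from the article.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed model of a launchpad bonding curve (not pump.fun's actual program):
# price(s) = base + slope * s lamports per token after s tokens have been sold,
# so the SOL locked in the curve is the integral of that price over tokens sold.
# All amounts are integer lamports so the accounting is exact.


@dataclass
class Curve:
    supply_cap: int            # tokens for sale before the curve "completes"
    base: int                  # starting price, lamports per token
    slope: int                 # price increase per token sold, lamports
    sold: int = 0
    reserve: int = 0           # lamports held by the curve contract
    complete: bool = False

    def cost_to_buy(self, n: int) -> int:
        # Closed-form integral of the linear price over [sold, sold + n]
        s0, s1 = self.sold, self.sold + n
        return self.base * n + self.slope * (s1 * s1 - s0 * s0) // 2

    def buy(self, n: int) -> int:
        if self.complete or n <= 0 or self.sold + n > self.supply_cap:
            raise ValueError("curve complete or insufficient supply")
        cost = self.cost_to_buy(n)
        self.sold += n
        self.reserve += cost
        self.complete = self.sold == self.supply_cap
        return cost

    def withdraw_reserve(self, signer: str, withdraw_authority: str) -> int:
        # Only the privileged authority may move the locked SOL, and only after
        # completion. A single key holding this power is the risk the article
        # describes; the model simply enforces the rule so the log can be audited.
        if signer != withdraw_authority:
            raise PermissionError("not the withdraw authority")
        if not self.complete:
            raise ValueError("curve has not completed")
        amount, self.reserve = self.reserve, 0
        return amount


@dataclass
class Event:
    ts: int                     # unix seconds (constructed)
    kind: str                   # "buy" | "withdraw"
    actor: str
    tokens: int = 0             # buys only
    lamports: int = 0
    dest: Optional[str] = None  # withdrawals only


def flag_withdrawals(events: List[Event], supply_cap: int, expected_dest: str,
                     window_s: int = 600, burst_share: float = 0.9) -> List[str]:
    """Return one reason string per suspicious withdrawal.

    Rule 1: the reserve left for a destination other than the designated pool.
    Rule 2: the withdrawal followed, within window_s, a completion in which one
            buyer took at least burst_share of the supply, the shape a borrowed,
            buy-to-completion purchase leaves in the log.
    """
    reasons: List[str] = []
    bought: Dict[str, int] = {}
    sold = 0
    completed_at: Optional[int] = None
    completing_buyer: Optional[str] = None
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "buy":
            bought[ev.actor] = bought.get(ev.actor, 0) + ev.tokens
            sold += ev.tokens
            if sold >= supply_cap and completed_at is None:
                completed_at, completing_buyer = ev.ts, ev.actor
        elif ev.kind == "withdraw":
            if ev.dest != expected_dest:
                reasons.append(f"{ev.ts}: {ev.actor} withdrew to unexpected destination {ev.dest}")
            if (completed_at is not None and ev.ts - completed_at <= window_s
                    and bought.get(completing_buyer, 0) >= burst_share * supply_cap):
                reasons.append(f"{ev.ts}: {ev.actor} withdrew {ev.ts - completed_at}s after "
                               f"a single-buyer completion by {completing_buyer}")
    return reasons


def run_scenario(events: List[Event], authority: str, expected_dest: str):
    # Replay a constructed log through the model, then audit the withdrawals.
    curve = Curve(supply_cap=1_000, base=1_000_000, slope=10_000)
    for ev in sorted(events, key=lambda e: e.ts):
        ev.lamports = curve.buy(ev.tokens) if ev.kind == "buy" \
            else curve.withdraw_reserve(ev.actor, authority)
    return curve, flag_withdrawals(events, curve.supply_cap, expected_dest)


# Constructed: one wallet fills the whole curve in minutes, then the authority
# key drains the reserve to a wallet that is not the designated pool.
SUSPICIOUS_LOG = [
    Event(ts=1_715_873_000, kind="buy", actor="buyer-A", tokens=400),
    Event(ts=1_715_873_060, kind="buy", actor="buyer-A", tokens=600),
    Event(ts=1_715_873_300, kind="withdraw", actor="authority-key", dest="wallet-X"),
]

# Constructed: organic buys over hours, then a normal migration to the pool.
BENIGN_LOG = [
    Event(ts=1_715_800_000, kind="buy", actor="buyer-A", tokens=300),
    Event(ts=1_715_805_000, kind="buy", actor="buyer-B", tokens=300),
    Event(ts=1_715_810_000, kind="buy", actor="buyer-C", tokens=400),
    Event(ts=1_715_817_200, kind="withdraw", actor="authority-key", dest="designated-pool"),
]

if __name__ == "__main__":
    for name, log in (("suspicious", SUSPICIOUS_LOG), ("benign", BENIGN_LOG)):
        curve, flags = run_scenario(log, "authority-key", "designated-pool")
        print(name, "locked before withdrawal:", log[-1].lamports / 1e9, "SOL; flags:", flags)
```

With these parameters the full curve locks exactly 6 SOL (1,000 tokens at a base of 0.001 SOL plus the integral of the slope), the suspicious log produces two findings and the benign log none; in a real deployment the same two rules would run over on-chain program logs rather than a replayed model.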


2024-05-17 03:37