Pump.fun, a popular platform, faced a significant security breach today, resulting in the loss of 12,300 SOL tokens, valued at approximately $2 million.
The exploit impacted around 1,882 wallets and has been attributed to a former employee known as @STACCoverflow on X.
The attacker’s motivation appears linked to allegations of financial misconduct by Pump.fun’s founders. In a revealing post, @STACCoverflow claimed, “The founders withdrew 2m from treasury yesterday. Let them pay for it.”
This accusation corresponds closely with the amount stolen, suggesting a retaliatory motive.
Pump fun(@pumpdotfun) was exploited for 12.3K $SOL($2M) today!
Involving as many as 1,882 wallets!
1/ How did it happen? pic.twitter.com/BETiFGSLu5
— Lookonchain (@lookonchain) May 17, 2024
The breach was executed through a flash loan attack after the attacker gained access to Pump.fun’s service account key.
Flash loan attacks allow users to borrow large sums of cryptocurrency without collateral, provided the borrowed amount is returned within the same transaction. This method is often used to exploit vulnerabilities in smart contracts.
Pump.Fun Team Responds Quickly, Removing Trading Fees Temporarily
Despite the severe breach, the Pump.fun team responded quickly by redeploying their contract. Trading has resumed on the platform, with a temporary suspension of trading fees for the next seven days to encourage user activity and trust.
Additionally, Pump.fun has committed to replenishing the liquidity pools (LPs) for each affected coin within the next 24 hours to mitigate the damage.
Interestingly, @STACCoverflow has launched a new memecoin to capitalize on the notoriety of the exploit. The creation of this coin seems to be an attempt to further profit from the incident, leveraging the attention and controversy surrounding the attack.
While the immediate aftermath of the exploit has been chaotic, the swift actions by the Pump.fun team to address the breach and support affected users highlight their commitment to security and user trust.
The incident serves as a stark reminder of the ongoing security challenges within the cryptocurrency space and the need for robust safeguards against insider threats and technical vulnerabilities.
Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any services.
Follow us on Twitter @themerklehash to stay updated with the latest Crypto, NFT, AI, Cybersecurity, and Metaverse news!
