Pump.fun’s post-mortem investigation identified the $1.9 million exploiter as a former employee.
Solana-based memecoin launchpad Pump.fun said a former employee was behind the attack that occurred on Thursday.
The incident involved a former employee gaining administrator privileges at Pump.fun and misappropriating approximately 12,300 SOL, worth approximately $1.9 million at the time.
“At 15:21 UTC, a former employee used his privileged position at the company to illegally access withdrawal privileges and then used flash loans on the Solana lending protocol,” the platform said in its post-mortem, posted on X.
The loan was used to borrow SOL to buy a lot of memecoins until the bonding curve reached 100%, which gave the exploiter liquidity to repay the flash loan, Pump.fun detailed. This impacted approximately $1.9 million of the $45 million total liquidity within the bonding curve contract during that particular period.
“All trading on Pump.fun has been suspended by 17:00 UTC. Of the total liquidity of $45 million in bonding curve contracts, only about $1.9 million was affected,” the platform said.
Pump.fun paused trading and upgraded its platform’s contracts to prevent further damage. It added that the platform has been reactivated and contracts remain secure.
“To keep users whole, the Pump.fun team will seed the LPs of each affected coin with an equal or greater amount of SOL liquidity than the coin had at 15:21 UTC within the next 24 hours,” the platform added. Transaction fees are set to 0% for the next 7 days.
Meanwhile, a user named “Stacc” admitted that he had run the exploit. In a tweet, Stacc expressed his disdain for the “horrible boss” he appeared to be describing at Pump.fun. “These are not the type of people you want to lead as the face of blockchain,” he said.
Another X user, @valerio_eth, who claims to be the first engineer hired by Pump.fun, said he worked directly with Stacc.
Stacc also created his own Solana-based memecoin, inspired by an attack called the Flash Stacc Attack (FSA). Created late Thursday night, the meme token now has a market capitalization of around $211,000, according to DEX Screener.
What is Pump.fun?
Solana-powered Pump.fun helps users create new tokens at a minimal cost of around a few dollars. The platform emphasizes its security measures, writing on its website that it “prevents rugs by ensuring that all tokens created are secure” by prohibiting pre-sales and team allocations for new coins.
Users can mint new tokens and determine the purchase price through a bonding curve mechanism that sets the price based on current supply. The trading feature allows users to buy and sell their holdings.
The platform also automatically locks a portion of the token’s liquidity pool (approximately $12,000) into Raydium and permanently removes the token from circulation once it reaches a market cap of approximately $69,000.
Pump.fun appears to be seeing significant user activity, with daily revenue exceeding $1.2 million on Tuesday, according to The Block’s data dashboard.
© 2023 The Block. All rights reserved. This article is provided for informational purposes only. It is not provided or intended to be used as legal, tax, investment, financial or other advice.