Former Employee Exploits pump.fun, Embezzles Nearly $2 Million via Bonding Curve Attack
Summary:
pump.fun, a Solana memecoin creation tool, has reported that a former employee exploited its system, stealing almost $2 million via a "bonding curve" attack. Approximately $1.9 million was stolen from the $45 million held in the firm's bonding curve contracts. Trading was temporarily halted following the attack but has since resumed. The company says that its smart contracts remain safe and that affected users will have their liquidity fully restored. Flash loans of Solana (SOL) tokens enabled the hack, in which around 12,300 SOL (worth $1.9 million) was stolen.
pump.fun, a tool for creating memecoins on the Solana platform, revealed that a former worker leveraged an internal system weakness to embezzle a sum near $2 million using a "bonding curve" method. The individual was able to abuse their role in the organization to grant themselves withdrawal capabilities, the company explained in a statement on May 16. Of the $45 million in the firm's bonding curve contracts, approximately $1.9 million was unlawfully siphoned off. pump.fun said that trading, which was temporarily suspended, has resumed. The firm also stated that its smart contracts remain secure and committed to fully replenishing the liquidity of affected users within the next day.
Wintermute's Head of Research, Igor Igamberdiev, had earlier suggested that the intrusion resulted from a leak of an internal private key, hinting at a user known as "STACCoverflow" as the possible offender. In cryptic online messages, "STACCoverflow" hinted at disruptive actions and possible incarceration, expressing indifference to being exposed.
Prior to these events, pump.fun communicated that it had been cooperating with legal authorities to investigate the issue; however, it refrained from divulging the identity of the ex-worker involved. The company has yet to respond to requests for additional commentary.
pump.fun provided an explanation of the sequence of events during the hack. The accused attacker used flash loans on the Solana lending protocol Raydium to obtain Solana (SOL) tokens. The borrowed tokens were then used to purchase a large number of coins. When the coins reached 100% on their corresponding bonding curves, the attacker was able to drain each curve's liquidity and repay the flash loans. The total stolen in the attack amounts to 12,300 SOL tokens, equating to $1.9 million. The incident allegedly took place on May 16, between 3:21 pm and 5:00 pm UTC. The Solana memecoin platform promised affected users recovery of all, or more, of the liquidity they had prior to the attack.
Published At
5/17/2024 3:17:49 AM