The recent incident in which funds were misappropriated from Pump.fun is concerning. That a former employee could exploit their “privileged position” by using the withdrawal authority they still held, combined with flash loans from a Solana lending protocol, to steal around $1.9 million points to a lack of proper security measures and internal controls within the organization.


Pump.fun, a Solana-based meme coin launchpad, has disclosed that a former employee took advantage of their “insider access” and used the “withdraw authority” feature to misappropriate around 12,300 SOL, worth approximately $1.9 million at the time. The event is a stark reminder of the importance of transparency and accountability within the crypto community.

To prevent further damage, Pump.fun halted trading and updated the contracts.

Flash Loan Exploit

In a post on X, Pump.fun acknowledged that a former team member had misused the withdrawal authority granted to them in their earlier role at the organization.

Using flash loans from a Solana lending platform, the former employee borrowed SOL and bought coins with it, pushing their prices to the top of their bonding curves. Completing the curves gave them access, through the withdrawal authority, to the liquidity held by those curves, which they used to repay the flash loans within the same transaction.
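The control failure described above is that a single key, still held by someone who had left the organization, could sweep completed bonding-curve reserves to any destination. The Python below is an added illustration, not Pump.fun's program or the Solana code involved: it models a bonding curve that completes at a reserve cap, shows the vulnerable single-key withdrawal beside a hardened version that revokes departed keys, requires a signer threshold, and pins withdrawals to a migration vault. The cap (85 SOL), key names and vault name are constructed values chosen for the example.

```python
"""Launchpad withdraw-authority model: vulnerable single-key sweep beside a
hardened version with key revocation, a signer threshold and a pinned
migration destination. Constructed illustration, not Pump.fun's code."""
from dataclasses import dataclass
from typing import Optional

SOL_CAP = 85.0  # constructed reserve level at which a curve "completes"


@dataclass
class Curve:
    name: str
    reserve_sol: float = 0.0
    withdrawn_to: Optional[str] = None

    def buy(self, sol: float) -> None:
        """Add SOL to the reserve; one large (flash-loan-sized) buy can complete it."""
        if self.complete():
            raise ValueError("curve already complete")
        self.reserve_sol = min(SOL_CAP, self.reserve_sol + sol)

    def complete(self) -> bool:
        return self.reserve_sol >= SOL_CAP


class VulnerableLaunchpad:
    """Whoever presents the withdraw-authority key can sweep a completed curve's
    reserve to any destination; the key never expires and needs no co-signer."""

    def __init__(self, withdraw_authority: str):
        self.withdraw_authority = withdraw_authority

    def withdraw(self, curve: Curve, signer: str, destination: str) -> float:
        if signer != self.withdraw_authority:
            raise PermissionError("not the withdraw authority")
        if not curve.complete():
            raise ValueError("curve not complete")
        amount, curve.reserve_sol = curve.reserve_sol, 0.0
        curve.withdrawn_to = destination
        return amount


class HardenedLaunchpad:
    """Withdrawals need `threshold` currently authorised signers, reject any
    revoked key, and may only send reserves to the pinned migration vault."""

    def __init__(self, signers: set, threshold: int, migration_vault: str):
        self.active = set(signers)
        self.revoked: set = set()
        self.threshold = threshold
        self.migration_vault = migration_vault

    def revoke(self, key: str) -> None:
        """Offboarding step: a departed employee's key stops counting as a signer."""
        self.active.discard(key)
        self.revoked.add(key)

    def withdraw(self, curve: Curve, signers: set, destination: str) -> float:
        used_revoked = signers & self.revoked
        if used_revoked:
            raise PermissionError(f"revoked key used: {sorted(used_revoked)}")
        if len(signers & self.active) < self.threshold:
            raise PermissionError("insufficient authorised signers")
        if destination != self.migration_vault:
            raise PermissionError("withdrawals may only go to the migration vault")
        if not curve.complete():
            raise ValueError("curve not complete")
        amount, curve.reserve_sol = curve.reserve_sol, 0.0
        curve.withdrawn_to = destination
        return amount


def simulate() -> dict:
    """Run the same scenario against both designs and report the outcomes."""
    results = {}

    # Vulnerable design: the ex-employee's key was never revoked.
    vuln = VulnerableLaunchpad("former_employee_key")
    c1 = Curve("MEME1")
    c1.buy(100.0)  # a single flash-loan-funded buy completes the curve
    results["vulnerable_sweep"] = vuln.withdraw(c1, "former_employee_key", "attacker_wallet")

    # Hardened design: 2-of-3 signers, ex-employee revoked, destination pinned.
    hard = HardenedLaunchpad({"former_employee_key", "ops_key", "security_key"}, 2, "migration_vault")
    hard.revoke("former_employee_key")
    c2 = Curve("MEME2")
    c2.buy(100.0)
    try:
        hard.withdraw(c2, {"former_employee_key", "ops_key"}, "attacker_wallet")
        results["revoked_key"] = "allowed"
    except PermissionError as exc:
        results["revoked_key"] = str(exc)
    try:
        hard.withdraw(c2, {"ops_key", "security_key"}, "attacker_wallet")
        results["wrong_destination"] = "allowed"
    except PermissionError:
        results["wrong_destination"] = "rejected"
    # The only path that succeeds is the legitimate migration to the vault.
    results["migration"] = hard.withdraw(c2, {"ops_key", "security_key"}, "migration_vault")
    results["migration_destination"] = c2.withdrawn_to
    return results


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

Running `simulate()` shows the vulnerable design handing the full reserve to an arbitrary wallet on the strength of one unrevoked key, while the hardened design rejects the revoked key, rejects a non-vault destination even with enough signers, and only releases the reserve into the migration vault. The three checks are independent; offboarding hygiene (revocation) is the one that directly addresses a former employee retaining access.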

Trading on the platform was briefly suspended. The exploit affected around $1.9 million of the roughly $45 million in total bonding-curve liquidity. The Pump.fun team then redeployed the contracts and set a 0% fee on all trades for the following seven days.

The meme coin launchpad acknowledged that tokens which reached 100% of their bonding curves during the exploit are now in limbo and cannot be traded until new liquidity pools are established on Raydium, the Solana lending platform. To compensate, the developers pledged to refill the affected coins’ liquidity pools with an equivalent or greater amount of SOL within the next 24 hours.

Pump.fun said it has been working with security experts in the industry to ensure a safe and orderly resumption of trading for the affected coins, with the goal of both mitigating the impact of the current incident and preventing any recurrence.

Internal Private Key Leak

Before Pump.fun’s announcement, Igor Igamberdiev of Wintermute had attributed the hack to an internal private key leak and pointed to the user “STACCoverflow” as the suspected perpetrator.

Shortly afterwards, the user “Stacc” acknowledged carrying out the exploit and voiced displeasure towards their “bosses” at Pump.fun, calling them unfit representatives of the “blockchain” community because of their conduct.

2024-05-17 19:27