The meme token launch platform Pump.fun on Solana has accused a former employee of an exploit resulting in a $1.9 million loss.
https://t.co/uE2QNKXkIT coin migration issue post-mortem
TL;DR:
1. the https://t.co/uE2QNKXkIT contracts are safe. they have always been safe
2. a former employee used their privileged position at the company to misappropriate ~12.3K SOL (~$1.9m)
3. https://t.co/uE2QNKXkIT is…— pump.fun (@pumpdotfun) May 16, 2024
According to the statement, the perpetrator used a “privileged position” to gain access to withdrawal rights.
He borrowed flash loans in SOL to purchase tokens to the maximum until they reached 100% on the “bonding curve”. As a result, the hacker gained access to liquidity to settle obligations.
Out of the total liquidity of $45 million, the losses amounted to $1.9 million.
The team promised 100% compensation to affected users and relaunched token trading, waiving fees for the next seven days.
“Solana shitcoins are back and more significant than ever,” the statement reads.
Igor Igamberdiev, head of research at Wintermute, confirmed that the incident involved the compromise of private keys and a user X with the nickname staccoverflow.
1/6
It seems like @pumpdotfun lost ~2k SOL ($300k+) and a bunch of memecoins through a possible private key leakage
So let me share evidence of it?https://t.co/yuuKYkamfZ
— Igor Igamberdiev (@FrankResearcher) May 16, 2024
Earlier, a member of the decentralized exchange Cypher team with the nickname Hoak claimed to have appropriated part of the funds stolen in an exploit in August 2023.