{"id":13588,"date":"2024-05-17T10:27:48","date_gmt":"2024-05-17T07:27:48","guid":{"rendered":"https:\/\/forklog.com\/en\/pump-fun-suffers-1-9-million-loss-in-insider-attack\/"},"modified":"2024-05-17T10:27:48","modified_gmt":"2024-05-17T07:27:48","slug":"pump-fun-suffers-1-9-million-loss-in-insider-attack","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/pump-fun-suffers-1-9-million-loss-in-insider-attack\/","title":{"rendered":"Pump.fun Suffers $1.9 Million Loss in Insider Attack"},"content":{"rendered":"<p>The meme token launch platform Pump.fun on Solana has accused a former employee of an exploit resulting in a $1.9 million loss.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/t.co\/uE2QNKXkIT\">https:\/\/t.co\/uE2QNKXkIT<\/a> coin migration issue post-mortem<\/p>\n<p>TL;DR:<\/p>\n<p>1. the <a href=\"https:\/\/t.co\/uE2QNKXkIT\">https:\/\/t.co\/uE2QNKXkIT<\/a> contracts are safe. they have always been safe<br \/>2. a former employee used their privileged position at the company to misappropriate ~12.3K SOL (~$1.9m)<br \/>3. <a href=\"https:\/\/t.co\/uE2QNKXkIT\">https:\/\/t.co\/uE2QNKXkIT<\/a> is\u2026<\/p>\n<p>\u2014 pump.fun (@pumpdotfun) <a href=\"https:\/\/twitter.com\/pumpdotfun\/status\/1791235050643636303?ref_src=twsrc%5Etfw\">May 16, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to the statement, the perpetrator used a &#8220;privileged position&#8221; to gain access to withdrawal rights.<\/p>\n<p>He borrowed flash loans in SOL to purchase tokens to the maximum until they reached 100% on the <span data-descr=\"method of determining the relationship between the prices of the reserve token and the one issued on demand\" class=\"old_tooltip\">&#8220;bonding curve&#8221;<\/span>. As a result, the hacker gained access to liquidity to settle obligations.<\/p>\n<p>Out of the total liquidity of $45 million, the losses amounted to $1.9 million.<\/p>\n<p>The team promised 100% compensation to affected users and relaunched token trading, waiving fees for the next seven days.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;Solana shitcoins are back and more significant than ever,&#8221; the statement reads.<\/p>\n<\/blockquote>\n<p>Igor Igamberdiev, head of research at Wintermute, confirmed that the incident involved the compromise of private keys and a user X with the nickname staccoverflow.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">1\/6<\/p>\n<p>It seems like <a href=\"https:\/\/twitter.com\/pumpdotfun?ref_src=twsrc%5Etfw\">@pumpdotfun<\/a> lost ~2k SOL ($300k+) and a bunch of memecoins through a possible private key leakage<\/p>\n<p>So let me share evidence of it?<a href=\"https:\/\/t.co\/yuuKYkamfZ\">https:\/\/t.co\/yuuKYkamfZ<\/a><\/p>\n<p>\u2014 Igor Igamberdiev (@FrankResearcher) <a href=\"https:\/\/twitter.com\/FrankResearcher\/status\/1791164323047293325?ref_src=twsrc%5Etfw\">May 16, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Earlier, a member of the decentralized exchange Cypher team with the nickname Hoak claimed to have appropriated part of the funds stolen in an exploit in August 2023.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The meme token launch platform Pump.fun on Solana has accused a former employee of an exploit resulting in a $1.9 million loss. https:\/\/t.co\/uE2QNKXkIT coin migration issue post-mortem TL;DR: 1. the https:\/\/t.co\/uE2QNKXkIT contracts are safe. they have always been safe2. a former employee used their privileged position at the company to misappropriate ~12.3K SOL (~$1.9m)3. https:\/\/t.co\/uE2QNKXkIT [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":13587,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,44],"class_list":["post-13588","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-cybercrime"],"aioseo_notices":[],"amp_enabled":true,"views":"83","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/13588","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=13588"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/13588\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/13587"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=13588"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=13588"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=13588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}