Pump.fun, a Solana-based platform that streamlines token launches, appears to have been exploited.
The exploiter appears to have lost around $2 million by using flash loans to obtain enough SOL to buy the bond curve of the Pump.fun memecoin. The situation is developing and The Block has reached out to the project team for comment.
“We believe that Pump.fun “The bonding curve agreement has been compromised and we are investigating the matter.” wrote On social media platform
Pump.fun updated its contracts to prevent attackers from leaking more funds, adding that the total value of the protocol is locked and wallets connected to the platform are secure. We are cooperating with law enforcement and “relevant parties” on this matter.
“We have paused trading. Coins cannot be bought or sold at this time,” Pump.fun continued. “All coins currently migrating to Raydium are untradeable and will not be migrated indefinitely. All coins from Pump.fun Bond curve contracts with LPs locked in Raydium are secure.”
What happen
The platform is gone 12,300SOLThis incident resulted in a value of approximately $2 million, note Igor Igamberdiev, Head of Wintermute Research on X. He added that Pump.fun may have experienced private key compromise, which may have aided the loss of its assets.
A social media user using Stacc took credit for the exploit. Thursday on social media postStacc hinted at poor mental health, but said he was involved in a robbery and hoped his mother would rise from the dead.
“If you look at his tweets about his mother’s death, it seems like he has no plans to make money from this and is more about expressing his aggression and sadness, but things can change quickly.” X user passing by Sol Circle told the block. “He could cause major disruption to Solana’s memecoin space, as Pump.fun is one of Solana’s biggest assets.”
How Pump.fun works
Pump.fun “avoids lugs by ensuring that all tokens generated are secure.” The platform added on its website that each new coin will have no pre-sale or team allocation. Pump allows users to create new tokens for just a few dollars. Users select a token and then purchase it from the bonding curve. They can seal their profits or losses by selling their token holdings. A token that reaches a market cap of $69,000 will deposit $12,000 of its token liquidity on Raydium, a Solana-based decentralized exchange, before being burned. The bonding curve is a formula that determines the price of a token based on supply.
Pump.fun charges users approximately 0.02 SOL to create a new token, which costs $3.16 at current prices. According to The Block Price, SOL was trading at $158.056 as of 12:55 PM (16:55 UTC) May 16, up 3.45% in the last 24 hours.
Pump recorded its highest daily revenue of $1.23 million on May 14, according to The Block’s data dashboard, and most recently on May 15, the platform recorded more than $669,000.
Update (May 16, 2:06 PM ET): Added commentary from Wintermute Research Director and estimates of funding losses due to exploit.
Update (May 16, 3:52 PM ET): Abuse of loss figures, statement from Pump.fun.
Disclaimer: The Block is an independent media outlet delivering news, research and data. As of November 2023, Foresight Ventures is a majority investor in The Block. Foresight Ventures invests in other companies in the cryptocurrency space. Cryptocurrency exchange Bitget is an anchor LP of Foresight Ventures. The Block continues to operate independently to provide objective, impactful and timely information about the cryptocurrency industry. Below are our current financial disclosures.
© 2023 The Block. All rights reserved. This article is provided for informational purposes only. It is not provided or intended to be used as legal, tax, investment, financial or other advice.